Contacts can now accept full Unicode, fixed #172 and #171

Pinga 2024-11-01 12:14:19 +02:00
parent ef475600b3
commit 4fa1289334
6 changed files with 181 additions and 129 deletions


@ -152,53 +152,53 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
return;
}
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocName) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocName)) {
if (!validateLocField($postalInfoLocName, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:name', $clTRID, $trans);
return;
}
if ($postalInfoLocOrg) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocOrg)) {
if (!validateLocField($postalInfoLocOrg, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:org', $clTRID, $trans);
return;
}
}
if ($postalInfoLocStreet1) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet1) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet1)) {
if (!validateLocField($postalInfoLocStreet1, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return;
}
}
if ($postalInfoLocStreet2) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet2) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet2)) {
if (!validateLocField($postalInfoLocStreet2, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return;
}
}
if ($postalInfoLocStreet3) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet3) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet3)) {
if (!validateLocField($postalInfoLocStreet3, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return;
}
}
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocCity) || !preg_match('/^[a-z][a-z\-\.\s]{3,}$/i', $postalInfoLocCity)) {
if (!validateLocField($postalInfoLocCity, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:city', $clTRID, $trans);
return;
}
if ($postalInfoLocSp) {
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocSp) || !preg_match('/^[A-Z][a-zA-Z\-\.\s]{1,}$/', $postalInfoLocSp)) {
if (!validateLocField($postalInfoLocSp, 2)) {
sendEppError($conn, $db, 2005, 'Invalid contact:sp', $clTRID, $trans);
return;
}
}
if ($postalInfoLocPc) {
if (preg_match('/(^\-)|(\-\-)|(\-$)/', $postalInfoLocPc) || !preg_match('/^[A-Z0-9\-\s]{3,}$/', $postalInfoLocPc)) {
if (!validateLocField($postalInfoLocPc, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:pc', $clTRID, $trans);
return;
}
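Review bot: The postal code check `validateLocField($postalInfoLocPc, 3)` now accepts any Unicode letters, digits and punctuation up to the helper's default of 255 characters, where the removed pattern allowed only `[A-Z0-9\-\s]`. RFC 5733 limits contact:pc to 16 characters, so passing the cap explicitly, `validateLocField($postalInfoLocPc, 3, 16)`, keeps the field within the schema; the same call appears in the processContactUpdate section. The new calls also no longer reject leading, trailing or doubled separators, and `\p{P}` admits quotes and backslashes, so whatever stores or renders these values (not visible here) has to rely on parameterized queries and output encoding rather than on this filter. Both functions begin and end outside the hunks shown.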


@ -237,53 +237,53 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
return;
}
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocName) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocName)) {
if (!validateLocField($postalInfoLocName, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:name', $clTRID, $trans);
return;
}
if ($postalInfoLocOrg) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocOrg)) {
if (!validateLocField($postalInfoLocOrg, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:org', $clTRID, $trans);
return;
}
}
if ($postalInfoLocStreet1) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet1) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet1)) {
if (!validateLocField($postalInfoLocStreet1, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return;
}
}
if ($postalInfoLocStreet2) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet2) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet2)) {
if (!validateLocField($postalInfoLocStreet2, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return;
}
}
if ($postalInfoLocStreet3) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet3) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet3)) {
if (!validateLocField($postalInfoLocStreet3, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return;
}
}
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocCity) || !preg_match('/^[a-z][a-z\-\.\s]{3,}$/i', $postalInfoLocCity)) {
if (!validateLocField($postalInfoLocCity, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:city', $clTRID, $trans);
return;
}
if ($postalInfoLocSp) {
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocSp) || !preg_match('/^[A-Z][a-zA-Z\-\.\s]{1,}$/', $postalInfoLocSp)) {
if (!validateLocField($postalInfoLocSp, 2)) {
sendEppError($conn, $db, 2005, 'Invalid contact:sp', $clTRID, $trans);
return;
}
}
if ($postalInfoLocPc) {
if (preg_match('/(^\-)|(\-\-)|(\-$)/', $postalInfoLocPc) || !preg_match('/^[A-Z0-9\-\s]{3,}$/', $postalInfoLocPc)) {
if (!validateLocField($postalInfoLocPc, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:pc', $clTRID, $trans);
return;
}


@ -666,4 +666,20 @@ function expandIPv6($ip) {
}
return implode(':', $expanded);
}
function validateLocField($input, $minLength = 5, $maxLength = 255) {
// Normalize input to NFC form
$input = normalizer_normalize($input, Normalizer::FORM_C);
// Remove control characters to prevent hidden injections
$input = preg_replace('/[\p{C}]/u', '', $input);
// Define a general regex pattern to match Unicode letters, numbers, punctuation, and spaces
$locRegex = '/^[\p{L}\p{N}\p{P}\p{Zs}\-\/&.,]+$/u';
// Check length constraints and regex pattern
return mb_strlen($input) >= $minLength &&
mb_strlen($input) <= $maxLength &&
preg_match($locRegex, $input);
}
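Review bot: validateLocField normalizes and strips `\p{C}` characters only on its local copy of `$input` and returns a boolean, so a value containing control or invisible format characters passes the check while the callers get nothing back and, as far as these hunks show, keep working with the original unfiltered variable. Rejecting is safer than silently stripping: replace the `preg_replace` line with `if (preg_match('/\p{C}/u', $input) !== 0) { return false; }`, which also rejects invalid UTF-8 because `preg_match` returns false in that case. `normalizer_normalize` returns false on malformed input and depends on the intl extension, so an explicit `if ($input === false) { return false; }` after it makes that failure path deliberate. A short docblock stating that the function validates but does not sanitize, and that `$minLength`/`$maxLength` are counted in characters after normalization, would keep callers from assuming the stored value has been cleaned.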