Contacts can now accept full Unicode, fixed #172 and #171

This commit is contained in:
Pinga 2024-11-01 12:14:19 +02:00
parent ef475600b3
commit 4fa1289334
6 changed files with 181 additions and 129 deletions


@ -157,63 +157,57 @@ class ContactsController extends Controller
} }
if ($postalInfoLocName) { if ($postalInfoLocName) {
if (!$postalInfoLocName) { if (!validateLocField($postalInfoLocName, 3)) {
$this->container->get('flash')->addMessage('error', 'Unable to create contact: Missing loc contact name');
return $response->withHeader('Location', '/contact/create')->withStatus(302);
}
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocName) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocName)) {
$this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact name'); $this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact name');
return $response->withHeader('Location', '/contact/create')->withStatus(302); return $response->withHeader('Location', '/contact/create')->withStatus(302);
} }
if ($postalInfoLocOrg) { if ($postalInfoLocOrg) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocOrg)) { if (!validateLocField($postalInfoLocOrg, 3)) {
$this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact org'); $this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact org');
return $response->withHeader('Location', '/contact/create')->withStatus(302); return $response->withHeader('Location', '/contact/create')->withStatus(302);
} }
} }
if ($postalInfoLocStreet1) { if ($postalInfoLocStreet1) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet1) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet1)) { if (!validateLocField($postalInfoLocStreet1, 3)) {
$this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact street'); $this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact street');
return $response->withHeader('Location', '/contact/create')->withStatus(302); return $response->withHeader('Location', '/contact/create')->withStatus(302);
} }
} }
if ($postalInfoLocStreet2) { if ($postalInfoLocStreet2) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet2) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet2)) { if (!validateLocField($postalInfoLocStreet2, 3)) {
$this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact street 2'); $this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact street 2');
return $response->withHeader('Location', '/contact/create')->withStatus(302); return $response->withHeader('Location', '/contact/create')->withStatus(302);
} }
} }
if ($postalInfoLocStreet3) { if ($postalInfoLocStreet3) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet3) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet3)) { if (!validateLocField($postalInfoLocStreet3, 3)) {
$this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact street 3'); $this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact street 3');
return $response->withHeader('Location', '/contact/create')->withStatus(302); return $response->withHeader('Location', '/contact/create')->withStatus(302);
} }
} }
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocCity) || !preg_match('/^[a-z][a-z\-\.\s]{3,}$/i', $postalInfoLocCity)) { if (!validateLocField($postalInfoLocCity, 3)) {
$this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact city'); $this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact city');
return $response->withHeader('Location', '/contact/create')->withStatus(302); return $response->withHeader('Location', '/contact/create')->withStatus(302);
} }
if ($postalInfoLocSp) { if ($postalInfoLocSp) {
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocSp) || !preg_match('/^[A-Z][a-zA-Z\-\.\s]{1,}$/', $postalInfoLocSp)) { if (!validateLocField($postalInfoLocSp, 2)) {
$this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact state/province'); $this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact state/province');
return $response->withHeader('Location', '/contact/create')->withStatus(302); return $response->withHeader('Location', '/contact/create')->withStatus(302);
} }
} }
if ($postalInfoLocPc) { if ($postalInfoLocPc) {
if (preg_match('/(^\-)|(\-\-)|(\-$)/', $postalInfoLocPc) || !preg_match('/^[A-Z0-9\-\s]{3,}$/', $postalInfoLocPc)) { if (!validateLocField($postalInfoLocPc, 3)) {
$this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact postal code'); $this->container->get('flash')->addMessage('error', 'Unable to create contact: Invalid loc contact postal code');
return $response->withHeader('Location', '/contact/create')->withStatus(302); return $response->withHeader('Location', '/contact/create')->withStatus(302);
} }
} }
} }
$normalizedVoice = normalizePhoneNumber($voice, strtoupper($postalInfoIntCc)); $normalizedVoice = normalizePhoneNumber($voice, strtoupper($postalInfoIntCc));
@ -273,6 +267,12 @@ class ContactsController extends Controller
} }
} }
// Check if either postalInfoIntName or postalInfoLocName exists
if (!$postalInfoIntName && !$postalInfoLocName) {
$this->container->get('flash')->addMessage('error', 'Unable to create contact: At least one of the postal info types (INT or LOC) is required.');
return $response->withHeader('Location', '/contact/create')->withStatus(302);
}
try { try {
$db->beginTransaction(); $db->beginTransaction();
$currentDateTime = new \DateTime(); $currentDateTime = new \DateTime();
@ -298,6 +298,7 @@ class ContactsController extends Controller
); );
$contact_id = $db->getLastInsertId(); $contact_id = $db->getLastInsertId();
if ($postalInfoIntName) {
$db->insert( $db->insert(
'contact_postalInfo', 'contact_postalInfo',
[ [
@ -317,6 +318,7 @@ class ContactsController extends Controller
'disclose_addr_int' => $disclose_addr_int 'disclose_addr_int' => $disclose_addr_int
] ]
); );
}
if ($postalInfoLocName) { if ($postalInfoLocName) {
$db->insert( $db->insert(
@ -822,7 +824,7 @@ class ContactsController extends Controller
$authInfo_pw = $data['authInfo'] ?? null; $authInfo_pw = $data['authInfo'] ?? null;
if (!$identifier) { if (!$identifier) {
$this->container->get('flash')->addMessage('error', 'Please provide a contact ID'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Please provide a contact ID');
return $response->withHeader('Location', '/contacts')->withStatus(302); return $response->withHeader('Location', '/contacts')->withStatus(302);
} }
@ -835,58 +837,58 @@ class ContactsController extends Controller
if ($postalInfoIntName) { if ($postalInfoIntName) {
if (!$postalInfoIntName) { if (!$postalInfoIntName) {
$this->container->get('flash')->addMessage('error', 'Missing contact name'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Missing contact name');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntName) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntName)) { if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntName) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntName)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact name'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid contact name');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
if ($postalInfoIntOrg) { if ($postalInfoIntOrg) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntOrg)) { if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntOrg)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact org'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid contact org');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
if ($postalInfoIntStreet1) { if ($postalInfoIntStreet1) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet1) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet1)) { if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet1) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet1)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact street'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid contact street');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
if ($postalInfoIntStreet2) { if ($postalInfoIntStreet2) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet2) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet2)) { if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet2) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet2)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact street'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid contact street');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
if ($postalInfoIntStreet3) { if ($postalInfoIntStreet3) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet3) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet3)) { if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet3) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet3)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact street'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid contact street');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoIntCity) || !preg_match('/^[a-z][a-z\-\.\s]{3,}$/i', $postalInfoIntCity)) { if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoIntCity) || !preg_match('/^[a-z][a-z\-\.\s]{3,}$/i', $postalInfoIntCity)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact city'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid contact city');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
if ($postalInfoIntSp) { if ($postalInfoIntSp) {
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoIntSp) || !preg_match('/^[A-Z][a-zA-Z\-\.\s]{1,}$/', $postalInfoIntSp)) { if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoIntSp) || !preg_match('/^[A-Z][a-zA-Z\-\.\s]{1,}$/', $postalInfoIntSp)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact state/province'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid contact state/province');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
if ($postalInfoIntPc) { if ($postalInfoIntPc) {
if (preg_match('/(^\-)|(\-\-)|(\-$)/', $postalInfoIntPc) || !preg_match('/^[A-Z0-9\-\s]{3,}$/', $postalInfoIntPc)) { if (preg_match('/(^\-)|(\-\-)|(\-$)/', $postalInfoIntPc) || !preg_match('/^[A-Z0-9\-\s]{3,}$/', $postalInfoIntPc)) {
$this->container->get('flash')->addMessage('error', 'Invalid contact postal code'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid contact postal code');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
@ -894,92 +896,86 @@ class ContactsController extends Controller
} }
if ($postalInfoLocName) { if ($postalInfoLocName) {
if (!$postalInfoLocName) { if (!validateLocField($postalInfoLocName, 3)) {
$this->container->get('flash')->addMessage('error', 'Missing loc contact name'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid loc contact name');
return $response->withHeader('Location', '/contacts')->withStatus(302);
}
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocName) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocName)) {
$this->container->get('flash')->addMessage('error', 'Invalid loc contact name');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
if ($postalInfoLocOrg) { if ($postalInfoLocOrg) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocOrg)) { if (!validateLocField($postalInfoLocOrg, 3)) {
$this->container->get('flash')->addMessage('error', 'Invalid loc contact org'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid loc contact org');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
if ($postalInfoLocStreet1) { if ($postalInfoLocStreet1) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet1) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet1)) { if (!validateLocField($postalInfoLocStreet1, 3)) {
$this->container->get('flash')->addMessage('error', 'Invalid loc contact street'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid loc contact street');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
if ($postalInfoLocStreet2) { if ($postalInfoLocStreet2) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet2) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet2)) { if (!validateLocField($postalInfoLocStreet2, 3)) {
$this->container->get('flash')->addMessage('error', 'Invalid loc contact street'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid loc contact street 2');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
if ($postalInfoLocStreet3) { if ($postalInfoLocStreet3) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet3) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet3)) { if (!validateLocField($postalInfoLocStreet3, 3)) {
$this->container->get('flash')->addMessage('error', 'Invalid loc contact street'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid loc contact street 3');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocCity) || !preg_match('/^[a-z][a-z\-\.\s]{3,}$/i', $postalInfoLocCity)) { if (!validateLocField($postalInfoLocCity, 3)) {
$this->container->get('flash')->addMessage('error', 'Invalid loc contact city'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid loc contact city');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
if ($postalInfoLocSp) { if ($postalInfoLocSp) {
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocSp) || !preg_match('/^[A-Z][a-zA-Z\-\.\s]{1,}$/', $postalInfoLocSp)) { if (!validateLocField($postalInfoLocSp, 2)) {
$this->container->get('flash')->addMessage('error', 'Invalid loc contact state/province'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid loc contact state/province');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
if ($postalInfoLocPc) { if ($postalInfoLocPc) {
if (preg_match('/(^\-)|(\-\-)|(\-$)/', $postalInfoLocPc) || !preg_match('/^[A-Z0-9\-\s]{3,}$/', $postalInfoLocPc)) { if (!validateLocField($postalInfoLocPc, 3)) {
$this->container->get('flash')->addMessage('error', 'Invalid loc contact postal code'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Invalid loc contact postal code');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
} }
if ($voice && (!preg_match('/^\+\d{1,3}\.\d{1,14}$/', $voice) || strlen($voice) > 17)) { if ($voice && (!preg_match('/^\+\d{1,3}\.\d{1,14}$/', $voice) || strlen($voice) > 17)) {
$this->container->get('flash')->addMessage('error', 'Voice must be (\+[0-9]{1,3}\.[0-9]{1,14})'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Voice must be (\+[0-9]{1,3}\.[0-9]{1,14})');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
if ($fax && (!preg_match('/^\+\d{1,3}\.\d{1,14}$/', $fax) || strlen($fax) > 17)) { if ($fax && (!preg_match('/^\+\d{1,3}\.\d{1,14}$/', $fax) || strlen($fax) > 17)) {
$this->container->get('flash')->addMessage('error', 'Fax must be (\+[0-9]{1,3}\.[0-9]{1,14})'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Fax must be (\+[0-9]{1,3}\.[0-9]{1,14})');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$this->container->get('flash')->addMessage('error', 'Email address failed check'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Email address failed check');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
if (!$authInfo_pw) { if (!$authInfo_pw) {
$this->container->get('flash')->addMessage('error', 'Email contact authinfo'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Email contact authinfo');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
if ((strlen($authInfo_pw) < 6) || (strlen($authInfo_pw) > 16)) { if ((strlen($authInfo_pw) < 6) || (strlen($authInfo_pw) > 16)) {
$this->container->get('flash')->addMessage('error', 'Password needs to be at least 6 and up to 16 characters long'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Password needs to be at least 6 and up to 16 characters long');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
if (!preg_match('/[A-Z]/', $authInfo_pw)) { if (!preg_match('/[A-Z]/', $authInfo_pw)) {
$this->container->get('flash')->addMessage('error', 'Password should have both upper and lower case characters'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: Password should have both upper and lower case characters');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
@ -998,11 +994,17 @@ class ContactsController extends Controller
$nin_type = (isset($data['isBusiness']) && $data['isBusiness'] === 'on') ? 'business' : 'personal'; $nin_type = (isset($data['isBusiness']) && $data['isBusiness'] === 'on') ? 'business' : 'personal';
if (!preg_match('/\d/', $nin)) { if (!preg_match('/\d/', $nin)) {
$this->container->get('flash')->addMessage('error', 'NIN should contain one or more numbers'); $this->container->get('flash')->addMessage('error', 'Unable to update contact: NIN should contain one or more numbers');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302); return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
} }
} }
// Check if either postalInfoIntName or postalInfoLocName exists
if (!$postalInfoIntName && !$postalInfoLocName) {
$this->container->get('flash')->addMessage('error', 'Unable to update contact: At least one of the postal info types (INT or LOC) is required.');
return $response->withHeader('Location', '/contact/update/'.$identifier)->withStatus(302);
}
try { try {
$db->beginTransaction(); $db->beginTransaction();
$currentDateTime = new \DateTime(); $currentDateTime = new \DateTime();
@ -1032,10 +1034,10 @@ class ContactsController extends Controller
[$identifier] [$identifier]
); );
if ($postalInfoIntName) {
$db->update( $db->update(
'contact_postalInfo', 'contact_postalInfo',
[ [
'type' => 'int',
'name' => $postalInfoIntName ?? null, 'name' => $postalInfoIntName ?? null,
'org' => $postalInfoIntOrg ?? null, 'org' => $postalInfoIntOrg ?? null,
'street1' => $postalInfoIntStreet1 ?? null, 'street1' => $postalInfoIntStreet1 ?? null,
@ -1050,9 +1052,11 @@ class ContactsController extends Controller
'disclose_addr_int' => $disclose_addr_int 'disclose_addr_int' => $disclose_addr_int
], ],
[ [
'contact_id' => $contact_id 'contact_id' => $contact_id,
'type' => 'int',
] ]
); );
}
if ($postalInfoLocName) { if ($postalInfoLocName) {
$does_it_exist = $db->selectValue("SELECT id FROM contact_postalInfo WHERE contact_id = ? AND type = 'loc'", [$contact_id]); $does_it_exist = $db->selectValue("SELECT id FROM contact_postalInfo WHERE contact_id = ? AND type = 'loc'", [$contact_id]);
@ -1061,7 +1065,6 @@ class ContactsController extends Controller
$db->update( $db->update(
'contact_postalInfo', 'contact_postalInfo',
[ [
'type' => 'loc',
'name' => $postalInfoLocName ?? null, 'name' => $postalInfoLocName ?? null,
'org' => $postalInfoLocOrg ?? null, 'org' => $postalInfoLocOrg ?? null,
'street1' => $postalInfoLocStreet1 ?? null, 'street1' => $postalInfoLocStreet1 ?? null,
@ -1077,6 +1080,7 @@ class ContactsController extends Controller
], ],
[ [
'contact_id' => $contact_id, 'contact_id' => $contact_id,
'type' => 'loc',
] ]
); );
} else { } else {
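Review bot: The new `if ($postalInfoIntName)` guard around the int update (hunk @ -1032) has no insert fallback, while the loc branch directly below first runs `$does_it_exist = $db->selectValue(...)` and falls into an `else` when the row is missing; since this commit also makes INT optional at create time, a contact created LOC-only that later receives INT data on update would reach `$db->update` with `'type' => 'int'` in the WHERE clause, match zero rows and silently persist nothing. Mirror the loc branch here: look up the existing `int` row for `$contact_id` and insert when it is absent. Related, on the create side the new `if (!$postalInfoIntName && !$postalInfoLocName)` check lets a LOC-only contact through, yet `normalizePhoneNumber($voice, strtoupper($postalInfoIntCc))` in the first hunk still keys phone normalization on the INT country code, which is presumably null in that case (strtoupper(null) is deprecated on 8.1+), so it should fall back to the loc country code. The enclosing create and update methods start and end outside these hunks.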


@ -526,3 +526,19 @@ function generateAuthInfo(): string {
return $retVal; return $retVal;
} }
function validateLocField($input, $minLength = 5, $maxLength = 255) {
// Normalize input to NFC form
$input = normalizer_normalize($input, Normalizer::FORM_C);
// Remove control characters to prevent hidden injections
$input = preg_replace('/[\p{C}]/u', '', $input);
// Define a general regex pattern to match Unicode letters, numbers, punctuation, and spaces
$locRegex = '/^[\p{L}\p{N}\p{P}\p{Zs}\-\/&.,]+$/u';
// Check length constraints and regex pattern
return mb_strlen($input) >= $minLength &&
mb_strlen($input) <= $maxLength &&
preg_match($locRegex, $input);
}
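Review bot: validateLocField normalizes and control-strips a local copy of `$input` but returns only a bool, so every caller switched to it in this commit (ContactsController create/update and the EPP processContactCreate/processContactUpdate handlers) goes on to store the raw value; a field carrying bidi-override, zero-width or other `\p{C}` characters therefore passes the check and is persisted exactly as submitted, which defeats the "prevent hidden injections" intent of the `preg_replace`. Reject such characters instead of stripping them, handle `normalizer_normalize()` returning false on invalid UTF-8 explicitly rather than letting it coerce to an empty string, and if NFC is what should be stored, callers have to normalize before the insert because this interface cannot hand the normalized form back. The function is also untyped; a `: bool` return plus an `is_string` guard keeps null (the unguarded city calls) from reaching the intl function. `normalizer_normalize` comes from ext-intl — presumably already a declared dependency, worth confirming.
```php
function validateLocField($input, $minLength = 5, $maxLength = 255): bool {
    if (!is_string($input)) {
        return false;
    }
    // Reject control/format characters instead of stripping them: callers keep
    // and store $input as submitted, so a cleaned copy must not be what passes.
    // With the /u flag preg_match() also returns false on invalid UTF-8.
    if (preg_match('/\p{C}/u', $input) !== 0) {
        return false;
    }
    $normalized = normalizer_normalize($input, Normalizer::FORM_C);
    if ($normalized === false) {
        return false;
    }
    // Unicode letters, numbers, punctuation and spaces only.
    $locRegex = '/^[\p{L}\p{N}\p{P}\p{Zs}\-\/&.,]+$/u';
    $length = mb_strlen($normalized);
    return $length >= $minLength
        && $length <= $maxLength
        && preg_match($locRegex, $normalized) === 1;
}
```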


@ -80,27 +80,39 @@
</div> </div>
</div> </div>
</div> </div>
{% if contactPostal is not empty %}
{% set intExists = false %}
{% set locExists = false %}
{% for postal in contactPostal %}
{% if not (intExists and locExists) %}
{% if postal.type == 'int' %}
{% set intExists = true %}
{% elseif postal.type == 'loc' %}
{% set locExists = true %}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
<div class="card mb-3"> <div class="card mb-3">
<div class="card-header"> <div class="card-header">
<ul class="nav nav-tabs card-header-tabs" data-bs-toggle="tabs"> <ul class="nav nav-tabs card-header-tabs" data-bs-toggle="tabs">
<li class="nav-item"> <li class="nav-item">
<a href="#tabs-int" class="nav-link active" data-bs-toggle="tab">{{ __('International') }}</a> <a href="#tabs-int" class="nav-link{% if intExists or (not intExists and not locExists) %} active{% endif %}" data-bs-toggle="tab">{{ __('Internationalized') }}</a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a href="#tabs-loc" class="nav-link" data-bs-toggle="tab">{{ __('Localized') }}</a> <a href="#tabs-loc" class="nav-link{% if not intExists and locExists %} active{% endif %}" data-bs-toggle="tab">{{ __('Localized') }}</a>
</li> </li>
</ul> </ul>
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="tab-content"> <div class="tab-content">
{% if contactPostal is not empty %} {% if contactPostal is not empty %}
{% set intExists = false %} {% if intExists %}
{% set locExists = false %}
{% for postal in contactPostal %} {% for postal in contactPostal %}
{% if postal.type == 'int' %} {% if postal.type == 'int' %}
{% set intExists = true %} <div class="tab-pane {% if intExists or (not intExists and not locExists) %} show active{% endif %}" id="tabs-int">
<div class="tab-pane active show" id="tabs-int"> <h4>{{ __('Internationalized Contact Details') }}</h4>
<h4>{{ __('International Contact Details') }}</h4>
<div class="datagrid"> <div class="datagrid">
<div class="datagrid-item"> <div class="datagrid-item">
<div class="datagrid-title">{{ __('Name') }}</div> <div class="datagrid-title">{{ __('Name') }}</div>
@ -174,15 +186,19 @@
</div> </div>
</div> </div>
</div> </div>
{% elseif postal.type == 'loc' %}
{% set locExists = true %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% else %}
<div class="tab-pane {% if intExists or (not intExists and not locExists) %} show active{% endif %}" id="tabs-int">
<h4>{{ __('Internationalized Contact Details') }}</h4>
<div>{{ __('No Internationalized Contact Information Available') }}</div>
</div>
{% endif %}
{% if locExists %} {% if locExists %}
{% for postal in contactPostal %} {% for postal in contactPostal %}
{% if postal.type == 'loc' %} {% if postal.type == 'loc' %}
<div class="tab-pane" id="tabs-loc"> <div class="tab-pane{% if not intExists and locExists %} show active{% endif %}" id="tabs-loc">
<h4>{{ __('Localized Contact Details') }}</h4> <h4>{{ __('Localized Contact Details') }}</h4>
<div class="datagrid"> <div class="datagrid">
<div class="datagrid-item"> <div class="datagrid-item">
@ -260,7 +276,7 @@
{% endif %} {% endif %}
{% endfor %} {% endfor %}
{% else %} {% else %}
<div class="tab-pane" id="tabs-loc"> <div class="tab-pane{% if not intExists and locExists %} show active{% endif %}" id="tabs-loc">
<h4>{{ __('Localized Contact Details') }}</h4> <h4>{{ __('Localized Contact Details') }}</h4>
<div>{{ __('No Localized Contact Information Available') }}</div> <div>{{ __('No Localized Contact Information Available') }}</div>
</div> </div>
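Review bot: `intExists` and `locExists` are only `{% set %}` inside `{% if contactPostal is not empty %}` in the first hunk, yet the tab `class` attributes at `{% if intExists or (not intExists and not locExists) %}` read them unconditionally; with an empty contactPostal both are undefined, which leaves no tab active under Twig's default loose mode and throws a RuntimeError if strict_variables is enabled. Move the two lines `{% set intExists = false %}` and `{% set locExists = false %}` above the `{% if contactPostal is not empty %}` so they are always defined. The condition itself reduces to `{% if intExists or not locExists %}` in all four places, and the `{% if not (intExists and locExists) %}` inside the loop only skips work rather than ending the loop, so it can be dropped.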


@ -152,53 +152,53 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocName) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocName)) { if (!validateLocField($postalInfoLocName, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:name', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:name', $clTRID, $trans);
return; return;
} }
if ($postalInfoLocOrg) { if ($postalInfoLocOrg) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocOrg)) { if (!validateLocField($postalInfoLocOrg, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:org', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:org', $clTRID, $trans);
return; return;
} }
} }
if ($postalInfoLocStreet1) { if ($postalInfoLocStreet1) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet1) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet1)) { if (!validateLocField($postalInfoLocStreet1, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return; return;
} }
} }
if ($postalInfoLocStreet2) { if ($postalInfoLocStreet2) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet2) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet2)) { if (!validateLocField($postalInfoLocStreet2, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return; return;
} }
} }
if ($postalInfoLocStreet3) { if ($postalInfoLocStreet3) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet3) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet3)) { if (!validateLocField($postalInfoLocStreet3, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return; return;
} }
} }
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocCity) || !preg_match('/^[a-z][a-z\-\.\s]{3,}$/i', $postalInfoLocCity)) { if (!validateLocField($postalInfoLocCity, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:city', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:city', $clTRID, $trans);
return; return;
} }
if ($postalInfoLocSp) { if ($postalInfoLocSp) {
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocSp) || !preg_match('/^[A-Z][a-zA-Z\-\.\s]{1,}$/', $postalInfoLocSp)) { if (!validateLocField($postalInfoLocSp, 2)) {
sendEppError($conn, $db, 2005, 'Invalid contact:sp', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:sp', $clTRID, $trans);
return; return;
} }
} }
if ($postalInfoLocPc) { if ($postalInfoLocPc) {
if (preg_match('/(^\-)|(\-\-)|(\-$)/', $postalInfoLocPc) || !preg_match('/^[A-Z0-9\-\s]{3,}$/', $postalInfoLocPc)) { if (!validateLocField($postalInfoLocPc, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:pc', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:pc', $clTRID, $trans);
return; return;
} }
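Review bot: `validateLocField($postalInfoLocCity, 3)` is the one loc check in this hunk not wrapped in a presence test, so if the parsed XML yields no city the helper receives null and normalizer_normalize() emits a deprecation on PHP 8.1+ before the length check fails; presumably city is mandatory here, but that should be an explicit `if (!$postalInfoLocCity) { sendEppError($conn, $db, 2003, 'Missing contact:city', $clTRID, $trans); return; }` ahead of the syntax check rather than a side effect of the helper. The same unguarded city call appears in processContactUpdate and in both ContactsController paths. processContactCreate starts before and ends after this hunk.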


@ -237,53 +237,53 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
return; return;
} }
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocName) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocName)) { if (!validateLocField($postalInfoLocName, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:name', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:name', $clTRID, $trans);
return; return;
} }
if ($postalInfoLocOrg) { if ($postalInfoLocOrg) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocOrg)) { if (!validateLocField($postalInfoLocOrg, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:org', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:org', $clTRID, $trans);
return; return;
} }
} }
if ($postalInfoLocStreet1) { if ($postalInfoLocStreet1) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet1) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet1)) { if (!validateLocField($postalInfoLocStreet1, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return; return;
} }
} }
if ($postalInfoLocStreet2) { if ($postalInfoLocStreet2) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet2) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet2)) { if (!validateLocField($postalInfoLocStreet2, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return; return;
} }
} }
if ($postalInfoLocStreet3) { if ($postalInfoLocStreet3) {
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoLocStreet3) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoLocStreet3)) { if (!validateLocField($postalInfoLocStreet3, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
return; return;
} }
} }
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocCity) || !preg_match('/^[a-z][a-z\-\.\s]{3,}$/i', $postalInfoLocCity)) { if (!validateLocField($postalInfoLocCity, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:city', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:city', $clTRID, $trans);
return; return;
} }
if ($postalInfoLocSp) { if ($postalInfoLocSp) {
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoLocSp) || !preg_match('/^[A-Z][a-zA-Z\-\.\s]{1,}$/', $postalInfoLocSp)) { if (!validateLocField($postalInfoLocSp, 2)) {
sendEppError($conn, $db, 2005, 'Invalid contact:sp', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:sp', $clTRID, $trans);
return; return;
} }
} }
if ($postalInfoLocPc) { if ($postalInfoLocPc) {
if (preg_match('/(^\-)|(\-\-)|(\-$)/', $postalInfoLocPc) || !preg_match('/^[A-Z0-9\-\s]{3,}$/', $postalInfoLocPc)) { if (!validateLocField($postalInfoLocPc, 3)) {
sendEppError($conn, $db, 2005, 'Invalid contact:pc', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid contact:pc', $clTRID, $trans);
return; return;
} }
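Review bot: At every `if (!validateLocField(...))` line in this hunk the value that is validated is not the value that is kept: validateLocField() normalizes the string and strips `\p{C}` from its own local copy before matching, so a `$postalInfoLocName`, street, city, sp or pc that contains control characters now passes the check while the raw, un-normalized string is what processContactUpdate goes on to use. The regexes being replaced ran on the raw value and rejected control characters other than the whitespace `\s` admits, so this is a weakening of what the check guarantees, not just a charset change. If the cleaned string is the one meant to be stored, the helper has to hand it back — for example return the normalized string or `false`, and at each site write `$postalInfoLocName = validateLocField($postalInfoLocName, 3); if ($postalInfoLocName === false) { … }` — or run the same normalizer_normalize()/preg_replace() pass on the variable before calling it. The partial hunk above (the street2/street3/city/sp/pc checks) and any other caller converted in this commit have the same issue; processContactUpdate itself begins outside this hunk.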


@ -667,3 +667,19 @@ function expandIPv6($ip) {
return implode(':', $expanded); return implode(':', $expanded);
} }
function validateLocField($input, $minLength = 5, $maxLength = 255) {
// Normalize input to NFC form
$input = normalizer_normalize($input, Normalizer::FORM_C);
// Remove control characters to prevent hidden injections
$input = preg_replace('/[\p{C}]/u', '', $input);
// Define a general regex pattern to match Unicode letters, numbers, punctuation, and spaces
$locRegex = '/^[\p{L}\p{N}\p{P}\p{Zs}\-\/&.,]+$/u';
// Check length constraints and regex pattern
return mb_strlen($input) >= $minLength &&
mb_strlen($input) <= $maxLength &&
preg_match($locRegex, $input);
}
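Review bot: The character class in `$locRegex` is both redundant and much wider than the patterns it replaces: `\p{P}` already contains `-`, `/`, `&`, `.` and `,`, and it also admits `'`, `"`, `;`, `\`, `@`, `#`, `%`, `(` and `)`, none of which the old `[a-zA-Z0-9\-\&\,\.\/\s]` classes allowed, so a field now effectively accepts any letter, digit, punctuation or space. If that widening is intended, a comment above the pattern saying so — and saying that downstream escaping for the EPP/HTML/DB context, not this check, is what bounds these fields — would stop the next reader from treating it as a character allow-list; otherwise enumerate the punctuation actually wanted instead of `\p{P}`. Two smaller points: `normalizer_normalize()` returns `false` for input that is not valid UTF-8 and the function only rejects that through `false` → `''` coercion in preg_replace(), so an explicit `if ($input === false) { return false; }` after the normalize call would make the intent visible; and `preg_match()` returns `int|false`, so declare the signature as `function validateLocField(?string $input, int $minLength = 5, int $maxLength = 255): bool` and end the expression with `preg_match($locRegex, $input) === 1`. The `?string` also covers the city check, which calls this helper without a prior emptiness guard and would otherwise pass `null` to normalizer_normalize(), deprecated since PHP 8.1.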