diff --git a/cp/bootstrap/helper.php b/cp/bootstrap/helper.php
index 2c88513..474030c 100644
--- a/cp/bootstrap/helper.php
+++ b/cp/bootstrap/helper.php
@@ -268,8 +268,11 @@ function validate_label($domain, $db) {
 }
 } else {
 // Prevent consecutive or invalid hyphen usage
- if (preg_match('/--|\.\./', $label)) {
- return 'Domain labels cannot contain consecutive dashes (--) or dots (..)';
+ if ($label !== $labels[0] && preg_match('/\.\./', $label)) {
+ return 'Domain labels cannot contain consecutive dots (..)';
+ }
+ if (preg_match('/^..--/', $label)) {
+ return 'Domain labels cannot have double hyphens at position 3 and 4';
 }
 }
 }
diff --git a/epp/src/epp-create.php b/epp/src/epp-create.php
index 21c3d08..0e53707 100644
--- a/epp/src/epp-create.php
+++ b/epp/src/epp-create.php
@@ -429,7 +429,7 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) {
 $hostName = strtolower($hostName);
- $host_addr_list = $xml->xpath('//addr');
+ $host_addr_list = $xml->xpath('//host:addr');
 if (count($host_addr_list) > 13) {
 sendEppError($conn, $db, 2306, 'No more than 13 host:addr are allowed', $clTRID, $trans);
 return;
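Review bot: In validate_label (cp/bootstrap/helper.php; the identical hunk in epp/src/helpers.php has the same issue) the new dot check `$label !== $labels[0] && preg_match('/\.\./', $label)` exempts the first label without saying why, and the comment above it still mentions only hyphens. If `$labels` is the name split on dots, which the hunk does not show, a single label can never contain `..`, so empty labels would need their own check. The `/^..--/` pattern has no `u` modifier and therefore counts bytes, which is correct only while labels in this branch are ASCII. I would replace the comment with something like `// Reject reserved LDH labels ("--" in positions 3 and 4, RFC 5890); ASCII labels only in this branch`, after confirming that assumption. The function body starts and ends outside the hunk.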
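Review bot: The 13-address limit in processHostCreate (epp/src/epp-create.php) now depends on the `host` prefix resolving for XPath, and nothing in the hunk binds it before `$xml->xpath('//host:addr')`. If the prefix is not registered on `$xml` earlier in the function (not visible here) and a client declares the namespace under a different prefix, the query can come back empty or `false`. An empty result lets the request pass the limit check, and `count(false)` raises a TypeError on PHP 8. I would bind the prefix explicitly with `registerXPathNamespace` and reject a `false` result before calling `count()`. The function body continues outside the hunk.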
@@ -1379,38 +1379,8 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
 ]);
 }
 } else {
- $internal_host = false;
- $stmt = $db->prepare("SELECT tld FROM domain_tld");
- $stmt->execute();
-
- while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
- $tld = strtoupper($row['tld']);
- $tld = str_replace('.', '\\.', $tld); // Escape the dot for regex pattern matching
- if (preg_match("/$tld$/i", $hostObj)) {
- $internal_host = true;
- break;
- }
- }
- $stmt->closeCursor();
-
- if ($internal_host) {
- if (preg_match("/\.$domainName$/i", $hostObj)) {
- $stmt = $db->prepare("INSERT INTO host (name,domain_id,clid,crid,crdate) VALUES(?, ?, ?, ?, CURRENT_TIMESTAMP(3))");
- $stmt->execute([$hostObj, $domain_id, $clid, $clid]);
- $host_id = $db->lastInsertId();
-
- $stmt = $db->prepare("INSERT INTO application_host_map (domain_id,host_id) VALUES(?, ?)");
- $stmt->execute([$domain_id, $host_id]);
- }
- } else {
- $stmt = $db->prepare("INSERT INTO host (name,clid,crid,crdate) VALUES(?, ?, ?, CURRENT_TIMESTAMP(3))");
- $stmt->execute([$hostObj, $clid, $clid]);
- $host_id = $db->lastInsertId();
-
- $stmt = $db->prepare("INSERT INTO application_host_map (domain_id,host_id) VALUES(?, ?)");
- $stmt->execute([$domain_id, $host_id]);
- }
-
+ sendEppError($conn, $db, 2303, "Host object $hostObj does not exist", $clTRID, $trans);
+ return;
 }
 }
 }
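Review bot: The new 2303 exit in processDomainCreate sits at a point where the removed lines already used `$domain_id`, so the missing-host check appears to run after the domain or application row has been written. Unless `sendEppError` or the caller rolls back the surrounding transaction (`$trans` is passed along, but its handling is not visible here), a rejected create can leave that row and the host mappings from earlier loop iterations in the database. Either validate every `hostObj` before the first INSERT or roll back explicitly before `return;`. The same applies to the 2303 exits this commit adds in the hostAttr branch of this function and in processDomainUpdate (epp/src/epp-update.php). The function body starts and ends outside the hunk.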
@@ -1451,30 +1421,39 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
 ]);
 }
 } else {
- // Insert a new host
- $stmt = $db->prepare("INSERT INTO host (name, domain_id, clid, crid, crdate) VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP(3))");
- $stmt->execute([$hostName, $domain_id, $clid, $clid]);
- $host_id = $db->lastInsertId();
-
- // Map the new host to the domain
- $stmt = $db->prepare("INSERT INTO application_host_map (domain_id, host_id) VALUES (?, ?)");
- $stmt->execute([$domain_id, $host_id]);
-
- // Process and insert host addresses
- foreach ($node->xpath('./domain:hostAddr') as $nodeAddr) {
- $hostAddr = (string)$nodeAddr;
- $addr_type = (string)($nodeAddr->attributes()->ip ?? 'v4');
-
- // Normalize the address
- if ($addr_type === 'v6') {
- $hostAddr = normalize_v6_address($hostAddr);
- } else {
- $hostAddr = normalize_v4_address($hostAddr);
+ $tlds = $db->query("SELECT tld FROM domain_tld")->fetchAll(PDO::FETCH_COLUMN);
+ $internal_host = false;
+ foreach ($tlds as $tld) {
+ if (str_ends_with(strtolower($hostName), strtolower($tld))) {
+ $internal_host = true;
+ break;
 }
+ }
-
- // Insert the address into host_addr table
- $stmt = $db->prepare("INSERT INTO host_addr (host_id, addr, ip) VALUES (?, ?, ?)");
- $stmt->execute([$host_id, $hostAddr, $addr_type]);
+
+ if ($internal_host) {
+ $stmt = $db->prepare("INSERT INTO host (name, domain_id, clid, crid, crdate) VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP(3))");
+ $stmt->execute([$hostName, $domain_id, $clid, $clid]);
+ $host_id = $db->lastInsertId();
+
+ $stmt = $db->prepare("INSERT INTO application_host_map (domain_id, host_id) VALUES (?, ?)");
+ $stmt->execute([$domain_id, $host_id]);
+
+ foreach ($node->xpath('./domain:hostAddr') as $nodeAddr) {
+ $hostAddr = (string)$nodeAddr;
+ $addr_type = (string)($nodeAddr->attributes()->ip ?? 'v4');
+
+ if ($addr_type === 'v6') {
+ $hostAddr = normalize_v6_address($hostAddr);
+ } else {
+ $hostAddr = normalize_v4_address($hostAddr);
+ }
+
+ $stmt = $db->prepare("INSERT INTO host_addr (host_id, addr, ip) VALUES (?, ?, ?)");
+ $stmt->execute([$host_id, $hostAddr, $addr_type]);
+ }
+ } else {
+ sendEppError($conn, $db, 2303, "Host attribute $hostName does not exist", $clTRID, $trans);
+ return;
 }
 }
 }
diff --git a/epp/src/epp-update.php b/epp/src/epp-update.php
index cdd6ca2..d8ef574 100644
--- a/epp/src/epp-update.php
+++ b/epp/src/epp-update.php
@@ -1128,7 +1128,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
 sendEppError($conn, $db, 2201, 'You do not have privileges to modify a domain name that belongs to another registrar', $clTRID, $trans);
 return;
 }
-
+
 $domain_id = $row['id'];
 if ($launch_extension_enabled && isset($launch_update)) {
@@ -1646,7 +1646,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
 foreach ($hostObj_list as $node) {
 $hostObj = (string) $node;
-
+
 // Check if hostObj exists in the database
 $stmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1");
 $stmt->bindParam(':hostObj', $hostObj, PDO::PARAM_STR);
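Review bot: In the hostAttr branch of processDomainCreate (hunk at -1451), `$internal_host` only establishes that `$hostName` ends with one of the registry's TLD strings, yet the host is then inserted with `domain_id = $domain_id` together with its glue addresses. A name under a different domain in the same TLD would be stored as a subordinate host of the domain being created. `str_ends_with` also has no label boundary unless `domain_tld.tld` is stored with its leading dot. The hostObj code removed earlier in this commit tested `preg_match("/\.$domainName$/i", $hostObj)`; an equivalent guard here, assuming `$domainName` is still in scope, would be `if ($internal_host && str_ends_with(strtolower($hostName), '.' . strtolower($domainName))) {`. The same pattern is added to the hostAttr branch of processDomainUpdate in epp/src/epp-update.php, and the enclosing function continues outside the hunk.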
@@ -1686,58 +1686,10 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
 $stmt->execute([$logMessage, $contextData]);
 }
 } else {
- $tlds = $db->query("SELECT tld FROM domain_tld")->fetchAll(PDO::FETCH_COLUMN);
- $internal_host = false;
- foreach ($tlds as $tld) {
- if (str_ends_with(strtolower($hostObj), strtolower($tld))) {
- $internal_host = true;
- break;
- }
- }
-
- if ($internal_host) {
- if (preg_match("/\.$domainName$/i", $hostObj)) {
- $sth = $db->prepare("INSERT INTO host (name,domain_id,clid,crid,crdate) VALUES(?, ?, ?, ?, CURRENT_TIMESTAMP(3))");
- if (!$sth->execute([$hostObj, $domain_id, $clid, $clid])) {
- sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
- return;
- }
- $host_id = $db->lastInsertId();
-
- $sth = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(?, ?)");
- if (!$sth->execute([$domain_id, $host_id])) {
- sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
- return;
- }
-
- $sth = $db->prepare("UPDATE domain SET upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?");
- if (!$sth->execute([$clid, $domain_id])) {
- sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
- return;
- }
- }
- } else {
- $sth = $db->prepare("INSERT INTO host (name,clid,crid,crdate) VALUES(?, ?, ?, CURRENT_TIMESTAMP(3))");
- if (!$sth->execute([$hostObj, $clid, $clid])) {
- sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
- return;
- }
- $host_id = $db->lastInsertId();
-
- $sth = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(?, ?)");
- if (!$sth->execute([$domain_id, $host_id])) {
- sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
- return;
- }
-
- $sth = $db->prepare("UPDATE domain SET upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?");
- if (!$sth->execute([$clid, $domain_id])) {
- sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
- return;
- }
- }
+ sendEppError($conn, $db, 2303, "Host object $hostObj does not exist", $clTRID, $trans);
+ return;
 }
- }
+ }
 foreach ($hostAttr_list as $node) {
 $hostNames = $node->xpath('domain:hostName[1]');
@@ -1784,37 +1736,45 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
 }
 }
 } else {
- // Insert into the host table
- $sth = $db->prepare("INSERT INTO host (name,domain_id,clid,crid,crdate) VALUES(?, ?, ?, ?, CURRENT_TIMESTAMP(3))");
- $sth->execute([$hostName, $domain_id, $clid, $clid]) or die($sth->errorInfo()[2]);
-
- $host_id = $db->lastInsertId();
-
- // Insert into the domain_host_map table
- $sth = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(?, ?)");
- $sth->execute([$domain_id, $host_id]) or die($sth->errorInfo()[2]);
-
- // Iterate over the hostAddr_list
- $hostAddr_list = $node->xpath('domain:hostAddr');
- foreach ($hostAddr_list as $node) {
- $hostAddr = (string)$node;
- $addr_type = isset($node['ip']) ? (string)$node['ip'] : 'v4';
-
- // Normalize
- if ($addr_type == 'v6') {
- $hostAddr = _normalise_v6_address($hostAddr); // PHP function to normalize IPv6
- } else {
- $hostAddr = _normalise_v4_address($hostAddr); // PHP function to normalize IPv4
+ $tlds = $db->query("SELECT tld FROM domain_tld")->fetchAll(PDO::FETCH_COLUMN);
+ $internal_host = false;
+ foreach ($tlds as $tld) {
+ if (str_ends_with(strtolower($hostName), strtolower($tld))) {
+ $internal_host = true;
+ break;
 }
-
- // Insert into the host_addr table
- $sth = $db->prepare("INSERT INTO host_addr (host_id,addr,ip) VALUES(?, ?, ?)");
- $sth->execute([$host_id, $hostAddr, $addr_type]) or die($sth->errorInfo()[2]);
 }
-
- $sth = $db->prepare("UPDATE domain SET upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?");
- if (!$sth->execute([$clid, $domain_id])) {
- sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
+
+ if ($internal_host) {
+ $sth = $db->prepare("INSERT INTO host (name,domain_id,clid,crid,crdate) VALUES(?, ?, ?, ?, CURRENT_TIMESTAMP(3))");
+ $sth->execute([$hostName, $domain_id, $clid, $clid]) or die($sth->errorInfo()[2]);
+ $host_id = $db->lastInsertId();
+
+ $sth = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES(?, ?)");
+ $sth->execute([$domain_id, $host_id]) or die($sth->errorInfo()[2]);
+
+ $hostAddr_list = $node->xpath('domain:hostAddr');
+ foreach ($hostAddr_list as $node) {
+ $hostAddr = (string)$node;
+ $addr_type = isset($node['ip']) ? (string)$node['ip'] : 'v4';
+
+ if ($addr_type == 'v6') {
+ $hostAddr = _normalise_v6_address($hostAddr); // PHP function to normalize IPv6
+ } else {
+ $hostAddr = _normalise_v4_address($hostAddr); // PHP function to normalize IPv4
+ }
+
+ $sth = $db->prepare("INSERT INTO host_addr (host_id,addr,ip) VALUES(?, ?, ?)");
+ $sth->execute([$host_id, $hostAddr, $addr_type]) or die($sth->errorInfo()[2]);
+ }
+
+ $sth = $db->prepare("UPDATE domain SET upid = ?, lastupdate = CURRENT_TIMESTAMP(3) WHERE id = ?");
+ if (!$sth->execute([$clid, $domain_id])) {
+ sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
+ return;
+ }
+ } else {
+ sendEppError($conn, $db, 2303, "Host attribute $hostName does not exist", $clTRID, $trans);
 return;
 }
 }
diff --git a/epp/src/helpers.php b/epp/src/helpers.php
index 78520ab..a060d92 100644
--- a/epp/src/helpers.php
+++ b/epp/src/helpers.php
@@ -273,8 +273,11 @@ function validate_label($domain, $pdo) {
 }
 } else {
 // Prevent consecutive or invalid hyphen usage
- if (preg_match('/--|\.\./', $label)) {
- return 'Domain labels cannot contain consecutive dashes (--) or dots (..)';
+ if ($label !== $labels[0] && preg_match('/\.\./', $label)) {
+ return 'Domain labels cannot contain consecutive dots (..)';
+ }
+ if (preg_match('/^..--/', $label)) {
+ return 'Domain labels cannot have double hyphens at position 3 and 4';
 }
 }
 }
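Review bot: The re-indented hostAttr block in processDomainUpdate (hunk at -1784) keeps `or die($sth->errorInfo()[2])` on its three INSERT statements, which ends the EPP process and emits the driver's error text instead of returning a result code to the client. The UPDATE a few lines below already uses the safer form, so the inserts should follow it: `if (!$sth->execute([$hostName, $domain_id, $clid, $clid])) { sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans); return; }`. The inner `foreach ($hostAddr_list as $node)` also reuses the outer loop's `$node`; renaming it (for example `$addrNode`) would stop it overwriting the hostAttr node for the rest of the iteration. The function body starts and ends outside the hunk.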