mirror of
https://github.com/getnamingo/registry.git
synced 2025-05-21 20:09:20 +02:00
More RST updates
This commit is contained in:
Pinga
parent
b11a80e0fb
commit
73db314105
4 changed files with 232 additions and 34 deletions
|
|
@ -76,6 +76,11 @@ function processHostCheck($conn, $db, $xml, $trans) {
|
|||
foreach ($hosts as $host) {
|
||||
$host = (string)$host;
|
||||
|
||||
if (preg_match('/^\.[a-z]{2,}$/i', $host) || preg_match('/^[a-z]{2,}$/i', $host)) {
|
||||
sendEppError($conn, $db, 2306, 'Host name must be fully qualified (FQDN)', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
// Validation for host name
|
||||
if (!validateHostName($host)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid host name', $clTRID, $trans);
|
||||
|
|
|
|||
|
|
@ -71,7 +71,7 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
}
|
||||
|
||||
if ($postalInfoIntOrg) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntOrg)) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntOrg) || !preg_match('/^[a-zA-Z0-9\-\'\&\,\.\/\s]{5,}$/', $postalInfoIntOrg)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:org', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
|
@ -213,6 +213,10 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
|
||||
$contactCreate = $xml->command->create->children('urn:ietf:params:xml:ns:contact-1.0')->create;
|
||||
|
||||
if (isset($contactCreate->voice) && trim((string) $contactCreate->voice) === '') {
|
||||
sendEppError($conn, $db, 2003, 'Voice element must not be empty if provided', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
$voice = (string) $contactCreate->voice;
|
||||
$voice_x = (string) $contactCreate->voice->attributes()->x;
|
||||
if ($voice && (!preg_match('/^\+\d{1,3}\.\d{1,14}$/', $voice) || strlen($voice) > 17)) {
|
||||
|
|
@ -422,13 +426,13 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
}
|
||||
|
||||
// v6 IP validation
|
||||
if ($addr_type === 'v6' && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
if ($addr_type === 'v6' && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid host:addr v6', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
// v4 IP validation
|
||||
if ($addr_type !== 'v6' && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
||||
if ($addr_type !== 'v6' && !filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid host:addr v4', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
|
@ -461,7 +465,7 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
$stmt->execute();
|
||||
|
||||
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
|
||||
if (strpos($hostName, $row['name']) !== false) {
|
||||
if (preg_match('/\.' . preg_quote($row['name'], '/') . '$/i', $hostName)) {
|
||||
$domain_exist = true;
|
||||
$clid_domain = $row['clid'];
|
||||
$superordinate_dom = $row['id'];
|
||||
|
|
@ -533,6 +537,36 @@ function processHostCreate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
sendEppResponse($conn, $xml);
|
||||
|
||||
} else {
|
||||
$parts = explode('.', $hostName, 2);
|
||||
$superordinate = $parts[1] ?? null;
|
||||
|
||||
if (!$superordinate) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid host:name format', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if domain exists
|
||||
$stmt = $db->prepare("SELECT id FROM domain WHERE name = :name LIMIT 1");
|
||||
$stmt->execute([':name' => $superordinate]);
|
||||
$domain_id = $stmt->fetchColumn();
|
||||
$stmt->closeCursor();
|
||||
|
||||
if (!$domain_id) {
|
||||
sendEppError($conn, $db, 2303, 'Superordinate domain does not exist for host:name', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
// Check if the domain belongs to same registrar
|
||||
$stmt = $db->prepare("SELECT clid FROM domain WHERE name = :name LIMIT 1");
|
||||
$stmt->execute([':name' => $superordinate]);
|
||||
$domain_clid = $stmt->fetchColumn();
|
||||
$stmt->closeCursor();
|
||||
|
||||
if ($clid != $domain_clid) {
|
||||
sendEppError($conn, $db, 2201, 'The superordinate domain belongs to another registrar', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
$stmt = $db->prepare("INSERT INTO host (name,clid,crid,crdate) VALUES(?,?,?,CURRENT_TIMESTAMP(3))");
|
||||
$stmt->execute([$hostName, $clid, $clid]);
|
||||
|
||||
|
|
@ -588,21 +622,32 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
|
|||
}
|
||||
|
||||
if ($launch_extension_enabled && isset($launch_create)) {
|
||||
$xml->registerXPathNamespace('launch', 'urn:ietf:params:xml:ns:launch-1.0');
|
||||
$xml->registerXPathNamespace('signedMark', 'urn:ietf:params:xml:ns:signedMark-1.0');
|
||||
|
||||
$launch_phase_node = $launch_create->xpath('launch:phase')[0] ?? null;
|
||||
$launch_phase = $launch_phase_node ? (string)$launch_phase_node : null;
|
||||
$launch_phase_name = $launch_phase_node ? (string)$launch_phase_node['name'] : null;
|
||||
$smd_encodedSignedMark = $launch_create->xpath('smd:encodedSignedMark')[0] ?? null;
|
||||
$launch_notice = $launch_create->xpath('launch:notice')[0] ?? null;
|
||||
$launch_noticeID = $launch_notice ? (string) $launch_notice->xpath('launch:noticeID')[0] ?? null : null;
|
||||
$launch_notAfter = $launch_notice ? (string) $launch_notice->xpath('launch:notAfter')[0] ?? null : null;
|
||||
$launch_acceptedDate = $launch_notice ? (string) $launch_notice->xpath('launch:acceptedDate')[0] ?? null : null;
|
||||
|
||||
$xpath = '//*[namespace-uri()="urn:ietf:params:xml:ns:signedMark-1.0" and local-name()="encodedSignedMark"]';
|
||||
$smd_encodedSignedMark = $xml->xpath($xpath)[0] ?? null;
|
||||
$smd_encodedSignedMark = $smd_encodedSignedMark ? preg_replace('/\s+/', '', (string)$smd_encodedSignedMark) : null;
|
||||
|
||||
$launch_notice_exists = $xml->xpath('//launch:notice');
|
||||
if (!empty($launch_notice_exists)) {
|
||||
$launch_noticeID = (string) ($xml->xpath('//launch:noticeID')[0] ?? '');
|
||||
$launch_notAfter = (string) ($xml->xpath('//launch:notAfter')[0] ?? '');
|
||||
$launch_acceptedDate = (string) ($xml->xpath('//launch:acceptedDate')[0] ?? '');
|
||||
} else {
|
||||
$launch_noticeID = $launch_notAfter = $launch_acceptedDate = null;
|
||||
}
|
||||
|
||||
// Validate and handle each specific case
|
||||
if ($launch_phase === 'sunrise' && $smd_encodedSignedMark) {
|
||||
// Parse and validate SMD encoded signed mark later
|
||||
} elseif ($launch_phase === 'claims') {
|
||||
// Check for missing notice elements and validate dates
|
||||
if (!$launch_notice || !$launch_noticeID || !$launch_notAfter || !$launch_acceptedDate) {
|
||||
if (!$launch_notice_exists || !$launch_noticeID || !$launch_notAfter || !$launch_acceptedDate) {
|
||||
sendEppError($conn, $db, 2003, 'Missing required elements in claims phase', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
|
@ -1033,12 +1078,12 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
|
|||
$addr_type = (string) ($node['ip'] ?? 'v4');
|
||||
|
||||
if ($addr_type == 'v6') {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v6', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || $hostAddr === '127.0.0.1') {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE) || $hostAddr === '127.0.0.1') {
|
||||
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
|
@ -1111,12 +1156,12 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
|
|||
$addr_type = isset($node['ip']) ? (string) $node['ip'] : 'v4';
|
||||
|
||||
if ($addr_type === 'v6') {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v6', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || $hostAddr === '127.0.0.1') {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE) || $hostAddr === '127.0.0.1') {
|
||||
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
|
||||
function processContactInfo($conn, $db, $xml, $trans) {
|
||||
function processContactInfo($conn, $db, $xml, $clid, $trans) {
|
||||
$contactID = (string) $xml->command->info->children('urn:ietf:params:xml:ns:contact-1.0')->info->{'id'};
|
||||
$clTRID = (string) $xml->command->clTRID;
|
||||
|
||||
|
|
@ -38,6 +38,12 @@ function processContactInfo($conn, $db, $xml, $trans) {
|
|||
return;
|
||||
}
|
||||
|
||||
$clid = getClid($db, $clid);
|
||||
if ($clid !== $contact[0]['clid']) {
|
||||
sendEppError($conn, $db, 2201, 'Client is not the sponsor of the contact object', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
// Extract the first row for contact data
|
||||
$contactRow = $contact[0];
|
||||
|
||||
|
|
|
|||
|
|
@ -55,7 +55,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
$stmt->closeCursor();
|
||||
|
||||
if ($contactRem) {
|
||||
$statusList = $xml->xpath('//contact:status/@s', $contactRem);
|
||||
$statusList = $contactRem[0]->xpath('contact:status/@s');
|
||||
|
||||
if (count($statusList) == 0) {
|
||||
sendEppError($conn, $db, 2005, 'At least one status element MUST be present', $clTRID, $trans);
|
||||
|
|
@ -80,7 +80,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
}
|
||||
|
||||
if ($contactAdd) {
|
||||
$statusList = $xml->xpath('//contact:status/@s', $contactAdd);
|
||||
$statusList = $contactAdd[0]->xpath('contact:status/@s');
|
||||
|
||||
if (count($statusList) == 0) {
|
||||
sendEppError($conn, $db, 2005, 'At least one status element MUST be present', $clTRID, $trans);
|
||||
|
|
@ -94,7 +94,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
return;
|
||||
}
|
||||
|
||||
if (count($xml->xpath('contact:status[@s="' . $status . '"]', $contactRem)) == 0) {
|
||||
if (!$contactRem || count($contactRem[0]->xpath('contact:status[@s="' . $status . '"]')) == 0) {
|
||||
$stmt = $db->prepare("SELECT id FROM contact_status WHERE contact_id = :contact_id AND status = :status LIMIT 1");
|
||||
$stmt->execute([':contact_id' => $contact_id, ':status' => $status]);
|
||||
$contactStatusId = $stmt->fetchColumn();
|
||||
|
|
@ -113,6 +113,17 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
$postalInfoInt = null;
|
||||
$postalInfoLoc = null;
|
||||
|
||||
$postalInfoAllNodes = $xml->xpath('//contact:postalInfo');
|
||||
|
||||
foreach ($postalInfoAllNodes as $node) {
|
||||
$typeAttr = (string) $node['type'];
|
||||
|
||||
if ($typeAttr !== 'int' && $typeAttr !== 'loc') {
|
||||
sendEppError($conn, $db, 2003, 'Invalid postalInfo type attribute: must be "int" or "loc"', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
$postalInfoIntNodes = $xml->xpath("//contact:postalInfo[@type='int']");
|
||||
|
||||
if (count($postalInfoIntNodes) > 0) {
|
||||
|
|
@ -150,40 +161,64 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
return;
|
||||
}
|
||||
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntName) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntName)) {
|
||||
if (
|
||||
preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntName) ||
|
||||
!preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntName) ||
|
||||
strlen($postalInfoIntName) > 255
|
||||
) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:name', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
if ($postalInfoIntOrg) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntOrg) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntOrg)) {
|
||||
if (
|
||||
preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntOrg) ||
|
||||
!preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntOrg) ||
|
||||
strlen($postalInfoIntOrg) > 255
|
||||
) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:org', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($postalInfoIntStreet1) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet1) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet1)) {
|
||||
if (
|
||||
preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet1) ||
|
||||
!preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet1) ||
|
||||
strlen($postalInfoIntStreet1) > 255
|
||||
) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($postalInfoIntStreet2) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet2) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet2)) {
|
||||
if (
|
||||
preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet2) ||
|
||||
!preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet2) ||
|
||||
strlen($postalInfoIntStreet2) > 255
|
||||
) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if ($postalInfoIntStreet3) {
|
||||
if (preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet3) || !preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet3)) {
|
||||
if (
|
||||
preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet3) ||
|
||||
!preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet3) ||
|
||||
strlen($postalInfoIntStreet3) > 255
|
||||
) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoIntCity) || !preg_match('/^[a-z][a-z\-\.\'\s]{2,}$/i', $postalInfoIntCity)) {
|
||||
if (
|
||||
preg_match('/(^\-)|(^\.)|(\-\-)|(\.\.)|(\.\-)|(\-\.)|(\-$)|(\.$)/', $postalInfoIntCity) ||
|
||||
!preg_match('/^[a-z][a-z\-\.\'\s]{2,}$/i', $postalInfoIntCity) ||
|
||||
strlen($postalInfoIntCity) > 255
|
||||
) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid contact:city', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
|
@ -466,6 +501,17 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
$e_authInfo_ext = $stmt_ext->fetchColumn();
|
||||
$stmt_ext->closeCursor();
|
||||
|
||||
$postalInfoAllNodes = $xml->xpath('//contact:postalInfo');
|
||||
|
||||
foreach ($postalInfoAllNodes as $node) {
|
||||
$typeAttr = (string) $node['type'];
|
||||
|
||||
if ($typeAttr !== 'int' && $typeAttr !== 'loc') {
|
||||
sendEppError($conn, $db, 2003, 'Invalid postalInfo type attribute: must be "int" or "loc"', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
$postalInfo_int = $xml->xpath("//contact:postalInfo[@type='int']")[0] ?? null;
|
||||
if ($postalInfoInt) {
|
||||
$int_name = (string)($postalInfo_int->xpath("contact:name")[0] ?? "");
|
||||
|
|
@ -783,11 +829,15 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
|
||||
foreach ($addr_list as $node) {
|
||||
$addr = (string) $node;
|
||||
$addr_type = $node->attributes()->ip ?? 'v4';
|
||||
$addr_type = (string) ($node->attributes()->ip ?? 'v4');
|
||||
if (!in_array($addr_type, ['v4', 'v6'])) {
|
||||
sendEppError($conn, $db, 2005, 'host:addr ip attribute must be "v4" or "v6"', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
if ($addr_type == 'v6') {
|
||||
// IPv6 validation and normalization
|
||||
if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
|
||||
$addr = normalize_v6_address($addr);
|
||||
$stmt = $db->prepare("SELECT id FROM host_addr WHERE host_id = ? AND addr = ? AND ip = '6' LIMIT 1");
|
||||
$stmt->execute([$hostId, $addr]);
|
||||
|
|
@ -804,7 +854,7 @@ function processHostUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
}
|
||||
} else {
|
||||
// IPv4 validation and normalization
|
||||
if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
|
||||
if (filter_var($addr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
|
||||
$addr = normalize_v4_address($addr);
|
||||
$stmt = $db->prepare("SELECT id FROM host_addr WHERE host_id = ? AND addr = ? AND ip = '4' LIMIT 1");
|
||||
$stmt->execute([$hostId, $addr]);
|
||||
|
|
@ -1023,7 +1073,7 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
}
|
||||
|
||||
$clid = getClid($db, $clid);
|
||||
if ($clid != $row['clid']) {
|
||||
if ($clid !== $row['clid']) {
|
||||
sendEppError($conn, $db, 2201, 'You do not have privileges to modify a domain name that belongs to another registrar', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
|
@ -1195,6 +1245,16 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
if (count($hostObjList) > 0) {
|
||||
foreach ($hostObjList as $node) {
|
||||
$hostObj = strtoupper((string)$node);
|
||||
$stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1");
|
||||
$stmt->execute([$hostObj]);
|
||||
$hostExists = $stmt->fetchColumn();
|
||||
$stmt->closeCursor();
|
||||
|
||||
if (!$hostExists) {
|
||||
sendEppError($conn, $db, 2303, "domain:hostObj $hostObj does not exist", $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
if (preg_match('/[^A-Z0-9\.\-]/', $hostObj) || preg_match('/^-|^\.-|-\.-|^-|-$/', $hostObj)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid domain:hostObj', $clTRID, $trans);
|
||||
return;
|
||||
|
|
@ -1269,12 +1329,12 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
$addrType = (string)$addrType;
|
||||
|
||||
if ($addrType === 'v6') {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE)) {
|
||||
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v6', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) || $hostAddr == '127.0.0.1') {
|
||||
if (!filter_var($hostAddr, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE) || $hostAddr == '127.0.0.1') {
|
||||
sendEppError($conn, $db, 2005, 'Invalid domain:hostAddr v4', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
|
@ -1435,6 +1495,9 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
sendEppError($conn, $db, 2400, 'Database error', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
sendEppError($conn, $db, 2303, "hostObj $hostObj does not exist", $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1501,6 +1564,19 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
foreach ($status_list as $node) {
|
||||
$status = (string) $node;
|
||||
|
||||
$stmt = $db->prepare("SELECT 1 FROM domain_status WHERE domain_id = :domain_id AND status = :status LIMIT 1");
|
||||
$stmt->execute([
|
||||
':domain_id' => $domain_id,
|
||||
':status' => $status
|
||||
]);
|
||||
$exists = $stmt->fetchColumn();
|
||||
$stmt->closeCursor();
|
||||
|
||||
if (!$exists) {
|
||||
sendEppError($conn, $db, 2303, "Cannot remove status '$status': not present on domain", $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
$stmt = $db->prepare("DELETE FROM domain_status WHERE domain_id = :domain_id AND status = :status");
|
||||
$stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT);
|
||||
$stmt->bindParam(':status', $status, PDO::PARAM_STR);
|
||||
|
|
@ -2010,6 +2086,20 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
}
|
||||
|
||||
try {
|
||||
// Check if DS record exists before attempting to delete
|
||||
$stmt = $db->prepare("SELECT COUNT(*) FROM secdns WHERE domain_id = :domain_id AND keytag = :keyTag AND alg = :alg AND digesttype = :digestType AND digest = :digest");
|
||||
$stmt->execute([
|
||||
':domain_id' => $domain_id,
|
||||
':keyTag' => $keyTag,
|
||||
':alg' => $alg,
|
||||
':digestType' => $digestType,
|
||||
':digest' => $digest
|
||||
]);
|
||||
if ($stmt->fetchColumn() == 0) {
|
||||
sendEppError($conn, $db, 2306, 'DS record not found for removal', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
$stmt = $db->prepare("DELETE FROM secdns WHERE domain_id = :domain_id AND keytag = :keyTag AND alg = :alg AND digesttype = :digestType AND digest = :digest");
|
||||
$stmt->execute([
|
||||
':domain_id' => $domain_id,
|
||||
|
|
@ -2060,6 +2150,20 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
return;
|
||||
}
|
||||
|
||||
// Check if keyData exists before attempting to delete
|
||||
$stmt = $db->prepare("SELECT COUNT(*) FROM secdns WHERE domain_id = :domain_id AND flags = :flags AND protocol = :protocol AND keydata_alg = :algKeyData AND pubkey = :pubKey");
|
||||
$stmt->execute([
|
||||
':domain_id' => $domain_id,
|
||||
':flags' => $flags,
|
||||
':protocol' => $protocol,
|
||||
':algKeyData' => $algKeyData,
|
||||
':pubKey' => $pubKey
|
||||
]);
|
||||
if ($stmt->fetchColumn() == 0) {
|
||||
sendEppError($conn, $db, 2306, 'KeyData not found for removal', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
$stmt = $db->prepare("DELETE FROM secdns WHERE domain_id = :domain_id AND flags = :flags AND protocol = :protocol AND algKeyData = :algKeyData AND pubKey = :pubKey");
|
||||
$stmt->execute([
|
||||
|
|
@ -2089,10 +2193,48 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
|
|||
if ($secDNSDataSet) {
|
||||
foreach ($secDNSDataSet as $secDNSData) {
|
||||
// Extract dsData elements
|
||||
$keyTag = (int) $secDNSData->xpath('secDNS:keyTag')[0] ?? null;
|
||||
$alg = (int) $secDNSData->xpath('secDNS:alg')[0] ?? null;
|
||||
$digestType = (int) $secDNSData->xpath('secDNS:digestType')[0] ?? null;
|
||||
$digest = (string) $secDNSData->xpath('secDNS:digest')[0] ?? null;
|
||||
$keyTagNode = $secDNSData->xpath('secDNS:keyTag')[0] ?? null;
|
||||
if (!isset($keyTagNode) || trim((string)$keyTagNode) === '') {
|
||||
sendEppError($conn, $db, 2005, 'Missing or empty keyTag', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
$keyTag = (int) $keyTagNode;
|
||||
|
||||
$algNode = $secDNSData->xpath('secDNS:alg')[0] ?? null;
|
||||
if (!isset($algNode) || trim((string)$algNode) === '') {
|
||||
sendEppError($conn, $db, 2005, 'Missing or empty algorithm', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
$alg = (int) $algNode;
|
||||
$validAlgorithms = [8, 13, 14, 15, 16];
|
||||
if (!in_array($alg, $validAlgorithms)) {
|
||||
sendEppError($conn, $db, 2006, 'Invalid algorithm', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
$digestTypeNode = $secDNSData->xpath('secDNS:digestType')[0] ?? null;
|
||||
if (!isset($digestTypeNode) || trim((string)$digestTypeNode) === '') {
|
||||
sendEppError($conn, $db, 2005, 'Missing or empty digestType', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
$digestType = (int) $digestTypeNode;
|
||||
$validDigests = [2 => 64, 4 => 96]; // SHA-256 and SHA-384
|
||||
if (!array_key_exists($digestType, $validDigests)) {
|
||||
sendEppError($conn, $db, 2006, 'Unsupported digestType', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
$digestNode = $secDNSData->xpath('secDNS:digest')[0] ?? null;
|
||||
if (!isset($digestNode) || trim((string)$digestNode) === '') {
|
||||
sendEppError($conn, $db, 2005, 'Missing or empty digest', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
$digest = (string) $digestNode;
|
||||
if (strlen($digest) !== $validDigests[$digestType] || !ctype_xdigit($digest)) {
|
||||
sendEppError($conn, $db, 2006, 'Invalid digest length or format', $clTRID, $trans);
|
||||
return;
|
||||
}
|
||||
|
||||
$maxSigLife = $secDNSData->xpath('secDNS:maxSigLife') ? (int) $secDNSData->xpath('secDNS:maxSigLife')[0] : null;
|
||||
|
||||
// Data sanity checks
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue