DAS server validation improvements

This commit is contained in:
Pinga 2023-08-11 01:12:24 +03:00
parent 6813fb5ec6
commit 9f6c7cfbfa


@ -21,6 +21,15 @@ $server->on('connect', function ($server, $fd) {
// Register a callback to handle incoming requests // Register a callback to handle incoming requests
$server->on('receive', function ($server, $fd, $reactorId, $data) { $server->on('receive', function ($server, $fd, $reactorId, $data) {
// Connect to the database
try {
$pdo = new PDO('mysql:host=localhost;dbname=registry', 'registry-select', 'EPPRegistrySELECT');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
$server->send($fd, "Error connecting to database");
$server->close($fd);
}
// Validate and sanitize the domain name // Validate and sanitize the domain name
$domain = trim($data); $domain = trim($data);
if (!$domain) { if (!$domain) {
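Review bot: The new `catch (PDOException $e)` block sends "Error connecting to database" and closes the fd but does not return, so the callback keeps running into the validation and reaches the `$pdo->prepare(...)` calls in the next hunk with `$pdo` undefined and the client connection already closed. Add `return;` after `$server->close($fd);` inside the catch, matching the `return; // Return to avoid further processing` this commit adds to the later guards. The pre-existing guards on the context lines (`if (!$domain)` and the format checks) have the same fall-through; that is outside this change, but worth aligning while here. The connection string also carries the database credentials inline, which predates this commit; moving them to configuration would keep them out of version control. The receive callback's body continues past the hunk.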
@ -32,26 +41,43 @@ $server->on('receive', function ($server, $fd, $reactorId, $data) {
$server->close($fd); $server->close($fd);
} }
$domain = strtoupper($domain); $domain = strtoupper($domain);
if (preg_match("/[^A-Z0-9\.\-]/", $domain)) {
$server->send($fd, "domain name invalid format");
$server->close($fd);
}
if (preg_match("/(^-|^\.|-\.|\.-|--|\.\.|-$|\.$)/", $domain)) { if (preg_match("/(^-|^\.|-\.|\.-|--|\.\.|-$|\.$)/", $domain)) {
$server->send($fd, "domain name invalid format"); $server->send($fd, "domain name invalid format");
$server->close($fd); $server->close($fd);
} }
if (!preg_match("/^[A-Z0-9-]+\.(XX|COM\.XX|ORG\.XX|INFO\.XX|PRO\.XX)$/", $domain)) {
$server->send($fd, "please search only XX domains at least 2 letters"); // Extract TLD from the domain and prepend a dot
$tld = "." . end(explode('.', $domain));
// Check if the TLD exists in the domain_tld table
$stmtTLD = $pdo->prepare("SELECT COUNT(*) FROM domain_tld WHERE tld = :tld");
$stmtTLD->bindParam(':tld', $tld, PDO::PARAM_STR);
$stmtTLD->execute();
$tldExists = $stmtTLD->fetchColumn();
if (!$tldExists) {
$server->send($fd, "Invalid TLD. Please search only allowed TLDs");
$server->close($fd); $server->close($fd);
return; // Return to avoid further processing
} }
// Connect to the database // Fetch the IDN regex for the given TLD
try { $stmtRegex = $pdo->prepare("SELECT idn_table FROM domain_tld WHERE tld = :tld");
$pdo = new PDO('mysql:host=localhost;dbname=registry', 'registry-select', 'EPPRegistrySELECT'); $stmtRegex->bindParam(':tld', $tld, PDO::PARAM_STR);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $stmtRegex->execute();
} catch (PDOException $e) { $idnRegex = $stmtRegex->fetchColumn();
$server->send($fd, "Error connecting to database");
if (!$idnRegex) {
$server->send($fd, "Failed to fetch domain IDN table");
$server->close($fd); $server->close($fd);
return; // Return to avoid further processing
}
// Check for invalid characters using fetched regex
if (!preg_match($idnRegex, $domain)) {
$server->send($fd, "Domain name invalid format");
$server->close($fd);
return; // Return to avoid further processing
} }
// Perform the DAS lookup // Perform the DAS lookup