diff --git a/cp/bootstrap/helper.php b/cp/bootstrap/helper.php index 5705e21..3399cbf 100644 --- a/cp/bootstrap/helper.php +++ b/cp/bootstrap/helper.php @@ -230,19 +230,24 @@ function validate_label($domain, $db) { // Split domain into labels (subdomains, SLD, TLD) $labels = explode('.', $domain); - if (count($labels) > 1) { // Ensure there is at least an SLD and TLD - $firstLabel = $labels[0]; - $len = strlen($firstLabel); + foreach ($labels as $index => $label) { + $len = strlen($label); - // Label cannot be empty, shorter than 2, or longer than 63 characters - if ($len < 2 || $len > 63) { - return 'The domain label must be between 2 and 63 characters'; - } - } - - foreach ($labels as $label) { - if (!preg_match('/^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?$/', $label)) { - return 'Each domain label must start and end with a letter or number and contain only letters, numbers, or hyphens'; + // Stricter validation for the first label + if ($index === 0) { + if ($len < 2 || $len > 63) { + return 'The domain must be between 2 and 63 characters'; + } + + if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/', $label)) { + return 'The domain must start and end with a letter or number and contain only letters, numbers, or hyphens'; + } + } + // Basic validation for other labels + else { + if (!preg_match('/^[a-zA-Z0-9-]+$/', $label)) { + return 'Each domain label must contain only letters, numbers, or hyphens'; + } } // Check if it's a Punycode label (IDN) diff --git a/epp/src/helpers.php b/epp/src/helpers.php index 9e87a92..7873c79 100644 --- a/epp/src/helpers.php +++ b/epp/src/helpers.php @@ -238,23 +238,24 @@ function validate_label($domain, $pdo) { // Split domain into labels (subdomains, SLD, TLD) $labels = explode('.', $domain); - if (count($labels) > 1) { // Ensure there is at least an SLD and TLD - $firstLabel = $labels[0]; - $len = strlen($firstLabel); + foreach ($labels as $index => $label) { + $len = strlen($label); - // Label cannot be empty, shorter than 2, or longer than 63 characters - if ($len < 2 || $len > 63) { - return 'The domain label must be between 2 and 63 characters'; - } - } - - foreach ($labels as $label) { - if (!preg_match('/^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?$/', $label)) { - return 'Each domain label must start and end with a letter or number and contain only letters, numbers, or hyphens'; - } - - if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/', $label)) { - return 'Each domain label must start and end with a letter or number and contain only letters, numbers, or hyphens'; + // Stricter validation for the first label + if ($index === 0) { + if ($len < 2 || $len > 63) { + return 'The domain must be between 2 and 63 characters'; + } + + if (!preg_match('/^[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]$/', $label)) { + return 'The domain must start and end with a letter or number and contain only letters, numbers, or hyphens'; + } + } + // Basic validation for other labels + else { + if (!preg_match('/^[a-zA-Z0-9-]+$/', $label)) { + return 'Each domain label must contain only letters, numbers, or hyphens'; + } } // Check if it's a Punycode label (IDN)