More bugfixes in CP and EPP

Pinga 2024-11-26 18:12:37 +02:00
parent 63b544c915
commit c09f5b0e3c
3 changed files with 104 additions and 57 deletions


@ -340,10 +340,13 @@ class RegistrarsController extends Controller
[ $registrar['id'] ]); [ $registrar['id'] ]);
$registrarOte = $db->select('SELECT * FROM registrar_ote WHERE registrar_id = ? ORDER by command', $registrarOte = $db->select('SELECT * FROM registrar_ote WHERE registrar_id = ? ORDER by command',
[ $registrar['id'] ]); [ $registrar['id'] ]);
$registrarUsers = $db->selectRow('SELECT user_id FROM registrar_users WHERE registrar_id = ?', $userEmail = $db->selectRow(
[ $registrar['id'] ]); 'SELECT u.email
$userEmail = $db->selectRow('SELECT email FROM users WHERE id = ?', FROM registrar_users ru
[ $registrarUsers['user_id'] ]); JOIN users u ON ru.user_id = u.id
WHERE ru.registrar_id = ? AND u.roles_mask = ?',
[$registrar['id'], 4]
);
$registrarWhitelist = $db->select('SELECT addr FROM registrar_whitelist WHERE registrar_id = ?', $registrarWhitelist = $db->select('SELECT addr FROM registrar_whitelist WHERE registrar_id = ?',
[ $registrar['id'] ]); [ $registrar['id'] ]);
// Check if RegistrarOTE is not empty // Check if RegistrarOTE is not empty
@ -400,10 +403,13 @@ class RegistrarsController extends Controller
[ $registrar['id'] ]); [ $registrar['id'] ]);
$registrarOte = $db->select('SELECT * FROM registrar_ote WHERE registrar_id = ? ORDER by command', $registrarOte = $db->select('SELECT * FROM registrar_ote WHERE registrar_id = ? ORDER by command',
[ $registrar['id'] ]); [ $registrar['id'] ]);
$registrarUsers = $db->selectRow('SELECT user_id FROM registrar_users WHERE registrar_id = ?', $userEmail = $db->selectRow(
[ $registrar['id'] ]); 'SELECT u.email
$userEmail = $db->selectRow('SELECT email FROM users WHERE id = ?', FROM registrar_users ru
[ $registrarUsers['user_id'] ]); JOIN users u ON ru.user_id = u.id
WHERE ru.registrar_id = ? AND u.roles_mask = ?',
[$registrar['id'], 4]
);
$registrarWhitelist = $db->select('SELECT addr FROM registrar_whitelist WHERE registrar_id = ?', $registrarWhitelist = $db->select('SELECT addr FROM registrar_whitelist WHERE registrar_id = ?',
[ $registrar['id'] ]); [ $registrar['id'] ]);
// Check if RegistrarOTE is not empty // Check if RegistrarOTE is not empty
@ -471,10 +477,13 @@ class RegistrarsController extends Controller
[ $registrar['id'] ]); [ $registrar['id'] ]);
$registrarOte = $db->select("SELECT * FROM registrar_ote WHERE registrar_id = ?", $registrarOte = $db->select("SELECT * FROM registrar_ote WHERE registrar_id = ?",
[ $registrar['id'] ]); [ $registrar['id'] ]);
$user_id = $db->selectValue("SELECT user_id FROM registrar_users WHERE registrar_id = ?", $user = $db->selectRow(
[ $registrar['id'] ]); 'SELECT u.email
$user = $db->selectRow("SELECT email FROM users WHERE id = ?", FROM registrar_users ru
[ $user_id ]); JOIN users u ON ru.user_id = u.id
WHERE ru.registrar_id = ? AND u.roles_mask = ?',
[$registrar['id'], 4]
);
$whitelist = $db->select("SELECT * FROM registrar_whitelist WHERE registrar_id = ?", $whitelist = $db->select("SELECT * FROM registrar_whitelist WHERE registrar_id = ?",
[ $registrar['id'] ]); [ $registrar['id'] ]);
// Check if RegistrarOTE is not empty // Check if RegistrarOTE is not empty
@ -1030,10 +1039,13 @@ class RegistrarsController extends Controller
[ $registrar['id'] ]); [ $registrar['id'] ]);
$registrarOte = $db->select("SELECT * FROM registrar_ote WHERE registrar_id = ?", $registrarOte = $db->select("SELECT * FROM registrar_ote WHERE registrar_id = ?",
[ $registrar['id'] ]); [ $registrar['id'] ]);
$user_id = $db->selectValue("SELECT user_id FROM registrar_users WHERE registrar_id = ?", $user = $db->selectRow(
[ $registrar['id'] ]); 'SELECT u.email
$user = $db->selectRow("SELECT email FROM users WHERE id = ?", FROM registrar_users ru
[ $user_id ]); JOIN users u ON ru.user_id = u.id
WHERE ru.registrar_id = ? AND u.roles_mask = ?',
[$registrar['id'], 4]
);
$whitelist = $db->select("SELECT * FROM registrar_whitelist WHERE registrar_id = ?", $whitelist = $db->select("SELECT * FROM registrar_whitelist WHERE registrar_id = ?",
[ $registrar['id'] ]); [ $registrar['id'] ]);
// Check if RegistrarOTE is not empty // Check if RegistrarOTE is not empty
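Review bot: The new JOIN filters on `u.roles_mask = ?` with the bare literal `4`, and the same query is repeated in all four hunks of this file. If `roles_mask` is a bitmask, as the column name suggests, the equality test skips any user whose mask has further bits set; `WHERE ru.registrar_id = ? AND (u.roles_mask & ?) = ?` with a named constant instead of `4` would state the intent. `selectRow` returns one row and the query has no `ORDER BY`, so when several users match the e-mail chosen is arbitrary. When none match, the result is presumably empty, and the code that reads `$userEmail` / `$user` lies outside these hunks, so it should be checked for that case. Since the query is identical four times, a single private helper on the controller would keep the role filter in one place.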


@ -886,7 +886,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
return; return;
} }
$ns = $xml->xpath('//domain:ns')[0]; $ns = $xml->xpath('//domain:ns')[0] ?? null;
$hostObj_list = null; $hostObj_list = null;
$hostAttr_list = null; $hostAttr_list = null;
@ -1144,9 +1144,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
} }
} else { } else {
// External host // External host
if (preg_match('/^([A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9]){0,1}\.){1,125}[A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9])$/i', $hostName) && strlen($hostName) < 254) { if (!validateHostName($hostName)) {
} else {
sendEppError($conn, $db, 2005, 'Invalid domain:hostName', $clTRID, $trans); sendEppError($conn, $db, 2005, 'Invalid domain:hostName', $clTRID, $trans);
return; return;
} }
@ -1456,7 +1454,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
':price' => $price ':price' => $price
]); ]);
if ($hostObj_list !== null && is_array($hostObj_list)) { if (!empty($hostObj_list) && is_array($hostObj_list)) {
foreach ($hostObj_list as $node) { foreach ($hostObj_list as $node) {
$hostObj = strtoupper((string)$node); $hostObj = strtoupper((string)$node);
@ -1513,51 +1511,63 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
} }
} }
if ($hostAttr_list !== null && is_array($hostAttr_list)) { if (!empty($hostAttr_list) && is_array($hostAttr_list)) {
foreach ($hostAttr_list as $element) { foreach ($hostAttr_list as $node) {
foreach ($element->children() as $node) { // Extract the hostName
$hostName = strtoupper($node->xpath('//domain:hostName')[0]); $hostName = strtoupper((string)$node->xpath('./domain:hostName')[0] ?? '');
if (empty($hostName)) {
continue; // Skip if no hostName found
}
// Check if the host already exists
$stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1"); $stmt = $db->prepare("SELECT id FROM host WHERE name = ? LIMIT 1");
$stmt->execute([$hostName]); $stmt->execute([$hostName]);
$hostName_already_exist = $stmt->fetchColumn(); $hostName_already_exist = $stmt->fetchColumn();
if ($hostName_already_exist) { if ($hostName_already_exist) {
// Check if the host is already mapped to this domain
$stmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1"); $stmt = $db->prepare("SELECT domain_id FROM domain_host_map WHERE domain_id = ? AND host_id = ? LIMIT 1");
$stmt->execute([$domain_id, $hostName_already_exist]); $stmt->execute([$domain_id, $hostName_already_exist]);
$domain_host_map_id = $stmt->fetchColumn(); $domain_host_map_id = $stmt->fetchColumn();
if (!$domain_host_map_id) { if (!$domain_host_map_id) {
// Map the host to the domain
$stmt = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES (?, ?)"); $stmt = $db->prepare("INSERT INTO domain_host_map (domain_id,host_id) VALUES (?, ?)");
$stmt->execute([$domain_id, $hostName_already_exist]); $stmt->execute([$domain_id, $hostName_already_exist]);
} else { } else {
// Log duplicate mapping error
$stmt = $db->prepare("INSERT INTO error_log (registrar_id, log, date) VALUES (?, ?, CURRENT_TIMESTAMP(3))"); $stmt = $db->prepare("INSERT INTO error_log (registrar_id, log, date) VALUES (?, ?, CURRENT_TIMESTAMP(3))");
$stmt->execute([$clid, "Domain : $domainName ; hostName : $hostName - se dubleaza"]); $stmt->execute([$clid, "Domain: $domainName ; hostName: $hostName - duplicate mapping"]);
} }
} else { } else {
// Insert a new host
$stmt = $db->prepare("INSERT INTO host (name, domain_id, clid, crid, crdate) VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP(3))"); $stmt = $db->prepare("INSERT INTO host (name, domain_id, clid, crid, crdate) VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP(3))");
$stmt->execute([$hostName, $domain_id, $clid, $clid]); $stmt->execute([$hostName, $domain_id, $clid, $clid]);
$host_id = $db->lastInsertId(); $host_id = $db->lastInsertId();
// Map the new host to the domain
$stmt = $db->prepare("INSERT INTO domain_host_map (domain_id, host_id) VALUES (?, ?)"); $stmt = $db->prepare("INSERT INTO domain_host_map (domain_id, host_id) VALUES (?, ?)");
$stmt->execute([$domain_id, $host_id]); $stmt->execute([$domain_id, $host_id]);
foreach ($node->xpath('//domain:hostAddr') as $nodeAddr) { // Process and insert host addresses
foreach ($node->xpath('./domain:hostAddr') as $nodeAddr) {
$hostAddr = (string)$nodeAddr; $hostAddr = (string)$nodeAddr;
$addr_type = $nodeAddr->attributes()->ip ?? 'v4'; $addr_type = (string)($nodeAddr->attributes()->ip ?? 'v4');
if ($addr_type == 'v6') { // Normalize the address
if ($addr_type === 'v6') {
$hostAddr = normalize_v6_address($hostAddr); $hostAddr = normalize_v6_address($hostAddr);
} else { } else {
$hostAddr = normalize_v4_address($hostAddr); $hostAddr = normalize_v4_address($hostAddr);
} }
// Insert the address into host_addr table
$stmt = $db->prepare("INSERT INTO host_addr (host_id, addr, ip) VALUES (?, ?, ?)"); $stmt = $db->prepare("INSERT INTO host_addr (host_id, addr, ip) VALUES (?, ?, ?)");
$stmt->execute([$host_id, $hostAddr, $addr_type]); $stmt->execute([$host_id, $hostAddr, $addr_type]);
} }
} }
} }
} }
}
$contact_admin_list = $xml->xpath("//domain:contact[@type='admin']"); $contact_admin_list = $xml->xpath("//domain:contact[@type='admin']");
$contact_billing_list = $xml->xpath("//domain:contact[@type='billing']"); $contact_billing_list = $xml->xpath("//domain:contact[@type='billing']");
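Review bot: In the rewritten `hostAttr` loop the `(string)` cast binds tighter than `??`, so `(string)$node->xpath('./domain:hostName')[0] ?? ''` casts first and the fallback never applies; a `domain:hostAttr` without a `domain:hostName` child still raises an undefined-key warning before the `empty()` check skips it. Parenthesising the coalesce fixes that: `$hostName = strtoupper((string)($node->xpath('./domain:hostName')[0] ?? ''));`. Further down, `$addr_type` is stored exactly as read from the `ip` attribute, so any value other than `v6` is normalised as IPv4 yet inserted verbatim into `host_addr.ip`. Unless validation earlier in `processDomainCreate` (outside this hunk) already restricts it, an allow-list check such as `if (!in_array($addr_type, ['v4', 'v6'], true))` before the INSERT would keep unexpected values out of the table.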


@ -686,3 +686,28 @@ function validateLocField($input, $minLength = 5, $maxLength = 255) {
mb_strlen($input) <= $maxLength && mb_strlen($input) <= $maxLength &&
preg_match($locRegex, $input); preg_match($locRegex, $input);
} }
/**
* Validates a hostname or domain name.
*
* @param string $hostName
* @return bool
*/
function validateHostName(string $hostName): bool
{
// Ensure length is under 254 characters
if (strlen($hostName) >= 254) {
return false;
}
// Use filter_var to validate domain/hostnames
if (!filter_var($hostName, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
return false;
}
// Optional: regex for stricter validation (if needed)
return preg_match(
'/^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/',
$hostName
);
}
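Review bot: `validateHostName()` declares `: bool` but returns the raw result of `preg_match()`, which is `int|false`; this works only through weak-mode coercion and would throw a `TypeError` if the file ever declares `strict_types=1`, so the return should end in `) === 1;`. The final regex also requires the last label to match `[a-zA-Z]{2,}`, which is narrower than the inline pattern it replaces in `processDomainCreate`. Host names under punycode TLDs (`xn--…`) that passed before are now rejected with error 2005; if that is not intended, allow digits and hyphens in the last label as the old pattern did. The comment `// Optional: regex for stricter validation (if needed)` is misleading because the regex always runs and decides the result; something like `// Require at least two labels and enforce per-label length limits` would describe it. The docblock could also state that the total length must be below 254 bytes and that single-label names are rejected.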