From cb372409d370b04e49a2764f37b87dbe7f684000 Mon Sep 17 00:00:00 2001
From: Pinga <help@namingo.org>
Date: Mon, 12 May 2025 17:40:46 +0300
Subject: [PATCH] Final RST modifications (12 May)

---
 cp/app/Controllers/ApplicationsController.php | 10 ++++++++++
 cp/app/Controllers/DomainsController.php      | 10 ++++++++++
 epp/src/epp-create.php                        |  8 ++++++++
 epp/src/epp-update.php                        | 20 +++++++++++++++++++
 4 files changed, 48 insertions(+)

diff --git a/cp/app/Controllers/ApplicationsController.php b/cp/app/Controllers/ApplicationsController.php
index 51f93e8..73040e9 100644
--- a/cp/app/Controllers/ApplicationsController.php
+++ b/cp/app/Controllers/ApplicationsController.php
@@ -240,6 +240,16 @@ class ApplicationsController extends Controller
                         }
                     }
 
+                    $smdId = $xpath->evaluate('string(//smd:id)');
+                    $isRevoked = $db->selectValue(
+                        "SELECT 1 FROM tmch_revocation WHERE smd_id = ?",
+                        [ $smdId ]
+                    );
+                    if ($isRevoked === 1) {
+                        $this->container->get('flash')->addMessage('error', 'Error creating application: SMD certificate has been revoked');
+                        return $response->withHeader('Location', '/application/create')->withStatus(302);
+                    }
+
                     $notBefore = new \DateTime($xpath->evaluate('string(//smd:notBefore)'));
                     $notafter = new \DateTime($xpath->evaluate('string(//smd:notAfter)'));
                     $markName = $xpath->evaluate('string(//mark:markName)');
diff --git a/cp/app/Controllers/DomainsController.php b/cp/app/Controllers/DomainsController.php
index 0dbded0..4073eba 100644
--- a/cp/app/Controllers/DomainsController.php
+++ b/cp/app/Controllers/DomainsController.php
@@ -350,6 +350,16 @@ class DomainsController extends Controller
                         }
                     }
 
+                    $smdId = $xpath->evaluate('string(//smd:id)');
+                    $isRevoked = $db->selectValue(
+                        "SELECT 1 FROM tmch_revocation WHERE smd_id = ?",
+                        [ $smdId ]
+                    );
+                    if ($isRevoked === 1) {
+                        $this->container->get('flash')->addMessage('error', 'Error creating domain: SMD certificate has been revoked');
+                        return $response->withHeader('Location', '/domain/create')->withStatus(302);
+                    }
+
                     $notBefore = new \DateTime($xpath->evaluate('string(//smd:notBefore)'));
                     $notafter = new \DateTime($xpath->evaluate('string(//smd:notAfter)'));
                     $markName = $xpath->evaluate('string(//mark:markName)');
diff --git a/epp/src/epp-create.php b/epp/src/epp-create.php
index 59f6eaf..ed056ed 100644
--- a/epp/src/epp-create.php
+++ b/epp/src/epp-create.php
@@ -849,6 +849,14 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
                     }
                 }
 
+                $smdId = $xpath->evaluate('string(//smd:id)');
+                $stmt = $db->prepare("SELECT 1 FROM tmch_revocation WHERE smd_id = ?");
+                $stmt->execute([$smdId]);
+                if ($stmt->fetchColumn()) {
+                    sendEppError($conn, $db, 2306, 'Error creating domain: SMD certificate has been revoked.', $clTRID, $trans);
+                    return;
+                }
+
                 $notBefore = new \DateTime($xpath->evaluate('string(//smd:notBefore)'));
                 $notafter = new \DateTime($xpath->evaluate('string(//smd:notAfter)'));
                 $markName = $xpath->evaluate('string(//mark:markName)');
diff --git a/epp/src/epp-update.php b/epp/src/epp-update.php
index 393791d..e0277c7 100644
--- a/epp/src/epp-update.php
+++ b/epp/src/epp-update.php
@@ -1557,6 +1557,16 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
             $stmt->closeCursor();
 
             if ($host_id) {
+                $stmt = $db->prepare("SELECT 1 FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id LIMIT 1");
+                $stmt->execute([':domain_id' => $domain_id, ':host_id' => $host_id]);
+                $linked = $stmt->fetchColumn();
+                $stmt->closeCursor();
+
+                if (!$linked) {
+                    sendEppError($conn, $db, 2305, "hostObj $hostObj is not associated with this domain", $clTRID, $trans);
+                    return;
+                }
+
                 $stmt = $db->prepare("DELETE FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id");
                 $stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT);
                 $stmt->bindParam(':host_id', $host_id, PDO::PARAM_INT);
@@ -1586,6 +1596,16 @@ function processDomainUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
                 $stmt->closeCursor();
 
                 if ($host_id) {
+                    $stmt = $db->prepare("SELECT 1 FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id LIMIT 1");
+                    $stmt->execute([':domain_id' => $domain_id, ':host_id' => $host_id]);
+                    $linked = $stmt->fetchColumn();
+                    $stmt->closeCursor();
+
+                    if (!$linked) {
+                        sendEppError($conn, $db, 2305, "hostAttr $hostName is not associated with this domain", $clTRID, $trans);
+                        return;
+                    }
+
                     $stmt = $db->prepare("DELETE FROM domain_host_map WHERE domain_id = :domain_id AND host_id = :host_id");
                     $stmt->bindParam(':domain_id', $domain_id, PDO::PARAM_INT);
                     $stmt->bindParam(':host_id', $host_id, PDO::PARAM_INT);