diff --git a/epp/src/epp-create.php b/epp/src/epp-create.php index cb5f9d2..d82b6e0 100644 --- a/epp/src/epp-create.php +++ b/epp/src/epp-create.php @@ -936,25 +936,20 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m foreach ($hostObj_list as $node) { $hostObj = strtoupper((string)$node); - if (preg_match("/[^A-Z0-9\.\-]/", $hostObj) || preg_match("/^-|^\.|-\.|\.-|\.\.|-$|\.$/", $hostObj)) { + if (!validateHostName($hostObj)) { sendEppError($conn, $db, 2005, 'Invalid domain:hostObj', $clTRID, $trans); return; } - if (preg_match("/^([A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9]){0,1}\.){1,125}[A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9])$/", $hostObj) && strlen($hostObj) < 254) { - // A host object MUST be known to the server before the host object can be associated with a domain object. - $stmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1"); - $stmt->bindParam(':hostObj', $hostObj); - $stmt->execute(); + // A host object MUST be known to the server before the host object can be associated with a domain object. + $stmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1"); + $stmt->bindParam(':hostObj', $hostObj); + $stmt->execute(); - $host_id_already_exist = $stmt->fetch(PDO::FETCH_COLUMN); + $host_id_already_exist = $stmt->fetch(PDO::FETCH_COLUMN); - if (!$host_id_already_exist) { - sendEppError($conn, $db, 2303, 'domain:hostObj '.$hostObj.' does not exist', $clTRID, $trans); - return; - } - } else { - sendEppError($conn, $db, 2005, 'Invalid domain:hostObj', $clTRID, $trans); + if (!$host_id_already_exist) { + sendEppError($conn, $db, 2303, 'domain:hostObj '.$hostObj.' does not exist', $clTRID, $trans); return; } } @@ -964,7 +959,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m foreach ($hostAttr_list as $node) { $hostName = strtoupper((string)$node->xpath('//domain:hostName')[0]); - if (preg_match("/[^A-Z0-9\.\-]/", $hostName) || preg_match("/^-|^\.-|-\.$|^\.$/", $hostName)) { + if (!validateHostName($hostName)) { sendEppError($conn, $db, 2005, 'Invalid domain:hostName', $clTRID, $trans); return; } @@ -1043,8 +1038,8 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m } } } else { - // Check if the hostname matches the pattern and is less than 254 characters - if (preg_match('/^([A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9]){0,1}\.){1,125}[A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9])$/i', $hostName) && strlen($hostName) < 254) { + // Validate the hostname using the function + if (validateHostName($hostName)) { $domain_exist = false; $clid_domain = 0; diff --git a/epp/src/helpers.php b/epp/src/helpers.php index 067b580..13d3955 100644 --- a/epp/src/helpers.php +++ b/epp/src/helpers.php @@ -695,19 +695,25 @@ function validateLocField($input, $minLength = 5, $maxLength = 255) { */ function validateHostName(string $hostName): bool { + // Convert IDN (Unicode) to ASCII (Punycode) + $asciiHostName = idn_to_ascii($hostName, IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46); + if ($asciiHostName === false) { + return false; // Invalid IDN format + } + // Ensure length is under 254 characters - if (strlen($hostName) >= 254) { + if (strlen($asciiHostName) >= 254) { return false; } - // Use filter_var to validate domain/hostnames - if (!filter_var($hostName, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) { + // Validate using filter_var for Punycode + if (!filter_var($asciiHostName, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) { return false; } - // Optional: regex for stricter validation (if needed) + // Optional: regex for stricter validation (on Punycode format) return preg_match( '/^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/', - $hostName + $asciiHostName ); } \ No newline at end of file