mirror of
https://github.com/getnamingo/registry.git
synced 2025-05-17 18:09:22 +02:00
More EPP hostname fixes/improvements
This commit is contained in:
Pinga
parent
c09f5b0e3c
commit
cd265c92f0
2 changed files with 22 additions and 21 deletions
|
|
@ -936,12 +936,11 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
|
||||||
foreach ($hostObj_list as $node) {
|
foreach ($hostObj_list as $node) {
|
||||||
$hostObj = strtoupper((string)$node);
|
$hostObj = strtoupper((string)$node);
|
||||||
|
|
||||||
if (preg_match("/[^A-Z0-9\.\-]/", $hostObj) || preg_match("/^-|^\.|-\.|\.-|\.\.|-$|\.$/", $hostObj)) {
|
if (!validateHostName($hostObj)) {
|
||||||
sendEppError($conn, $db, 2005, 'Invalid domain:hostObj', $clTRID, $trans);
|
sendEppError($conn, $db, 2005, 'Invalid domain:hostObj', $clTRID, $trans);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (preg_match("/^([A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9]){0,1}\.){1,125}[A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9])$/", $hostObj) && strlen($hostObj) < 254) {
|
|
||||||
// A host object MUST be known to the server before the host object can be associated with a domain object.
|
// A host object MUST be known to the server before the host object can be associated with a domain object.
|
||||||
$stmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1");
|
$stmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1");
|
||||||
$stmt->bindParam(':hostObj', $hostObj);
|
$stmt->bindParam(':hostObj', $hostObj);
|
||||||
|
|
@ -953,10 +952,6 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
|
||||||
sendEppError($conn, $db, 2303, 'domain:hostObj '.$hostObj.' does not exist', $clTRID, $trans);
|
sendEppError($conn, $db, 2303, 'domain:hostObj '.$hostObj.' does not exist', $clTRID, $trans);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
sendEppError($conn, $db, 2005, 'Invalid domain:hostObj', $clTRID, $trans);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -964,7 +959,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
|
||||||
foreach ($hostAttr_list as $node) {
|
foreach ($hostAttr_list as $node) {
|
||||||
$hostName = strtoupper((string)$node->xpath('//domain:hostName')[0]);
|
$hostName = strtoupper((string)$node->xpath('//domain:hostName')[0]);
|
||||||
|
|
||||||
if (preg_match("/[^A-Z0-9\.\-]/", $hostName) || preg_match("/^-|^\.-|-\.$|^\.$/", $hostName)) {
|
if (!validateHostName($hostName)) {
|
||||||
sendEppError($conn, $db, 2005, 'Invalid domain:hostName', $clTRID, $trans);
|
sendEppError($conn, $db, 2005, 'Invalid domain:hostName', $clTRID, $trans);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
@ -1043,8 +1038,8 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Check if the hostname matches the pattern and is less than 254 characters
|
// Validate the hostname using the function
|
||||||
if (preg_match('/^([A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9]){0,1}\.){1,125}[A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9])$/i', $hostName) && strlen($hostName) < 254) {
|
if (validateHostName($hostName)) {
|
||||||
$domain_exist = false;
|
$domain_exist = false;
|
||||||
$clid_domain = 0;
|
$clid_domain = 0;
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -695,19 +695,25 @@ function validateLocField($input, $minLength = 5, $maxLength = 255) {
|
||||||
*/
|
*/
|
||||||
function validateHostName(string $hostName): bool
|
function validateHostName(string $hostName): bool
|
||||||
{
|
{
|
||||||
|
// Convert IDN (Unicode) to ASCII (Punycode)
|
||||||
|
$asciiHostName = idn_to_ascii($hostName, IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
|
||||||
|
if ($asciiHostName === false) {
|
||||||
|
return false; // Invalid IDN format
|
||||||
|
}
|
||||||
|
|
||||||
// Ensure length is under 254 characters
|
// Ensure length is under 254 characters
|
||||||
if (strlen($hostName) >= 254) {
|
if (strlen($asciiHostName) >= 254) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Use filter_var to validate domain/hostnames
|
// Validate using filter_var for Punycode
|
||||||
if (!filter_var($hostName, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
|
if (!filter_var($asciiHostName, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Optional: regex for stricter validation (if needed)
|
// Optional: regex for stricter validation (on Punycode format)
|
||||||
return preg_match(
|
return preg_match(
|
||||||
'/^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/',
|
'/^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/',
|
||||||
$hostName
|
$asciiHostName
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue