More EPP hostname fixes/improvements

This commit is contained in:
Pinga 2024-11-27 08:56:09 +02:00
parent c09f5b0e3c
commit cd265c92f0
2 changed files with 22 additions and 21 deletions

View file

@ -936,25 +936,20 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
foreach ($hostObj_list as $node) {
$hostObj = strtoupper((string)$node);
if (preg_match("/[^A-Z0-9\.\-]/", $hostObj) || preg_match("/^-|^\.|-\.|\.-|\.\.|-$|\.$/", $hostObj)) {
if (!validateHostName($hostObj)) {
sendEppError($conn, $db, 2005, 'Invalid domain:hostObj', $clTRID, $trans);
return;
}
if (preg_match("/^([A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9]){0,1}\.){1,125}[A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9])$/", $hostObj) && strlen($hostObj) < 254) {
// A host object MUST be known to the server before the host object can be associated with a domain object.
$stmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1");
$stmt->bindParam(':hostObj', $hostObj);
$stmt->execute();
// A host object MUST be known to the server before the host object can be associated with a domain object.
$stmt = $db->prepare("SELECT id FROM host WHERE name = :hostObj LIMIT 1");
$stmt->bindParam(':hostObj', $hostObj);
$stmt->execute();
$host_id_already_exist = $stmt->fetch(PDO::FETCH_COLUMN);
$host_id_already_exist = $stmt->fetch(PDO::FETCH_COLUMN);
if (!$host_id_already_exist) {
sendEppError($conn, $db, 2303, 'domain:hostObj '.$hostObj.' does not exist', $clTRID, $trans);
return;
}
} else {
sendEppError($conn, $db, 2005, 'Invalid domain:hostObj', $clTRID, $trans);
if (!$host_id_already_exist) {
sendEppError($conn, $db, 2303, 'domain:hostObj '.$hostObj.' does not exist', $clTRID, $trans);
return;
}
}
@ -964,7 +959,7 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
foreach ($hostAttr_list as $node) {
$hostName = strtoupper((string)$node->xpath('//domain:hostName')[0]);
if (preg_match("/[^A-Z0-9\.\-]/", $hostName) || preg_match("/^-|^\.-|-\.$|^\.$/", $hostName)) {
if (!validateHostName($hostName)) {
sendEppError($conn, $db, 2005, 'Invalid domain:hostName', $clTRID, $trans);
return;
}
@ -1043,8 +1038,8 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
}
}
} else {
// Check if the hostname matches the pattern and is less than 254 characters
if (preg_match('/^([A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9]){0,1}\.){1,125}[A-Z0-9]([A-Z0-9-]{0,61}[A-Z0-9])$/i', $hostName) && strlen($hostName) < 254) {
// Validate the hostname using the function
if (validateHostName($hostName)) {
$domain_exist = false;
$clid_domain = 0;

View file

@ -695,19 +695,25 @@ function validateLocField($input, $minLength = 5, $maxLength = 255) {
*/
function validateHostName(string $hostName): bool
{
// Convert IDN (Unicode) to ASCII (Punycode)
$asciiHostName = idn_to_ascii($hostName, IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
if ($asciiHostName === false) {
return false; // Invalid IDN format
}
// Ensure length is under 254 characters
if (strlen($hostName) >= 254) {
if (strlen($asciiHostName) >= 254) {
return false;
}
// Use filter_var to validate domain/hostnames
if (!filter_var($hostName, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
// Validate using filter_var for Punycode
if (!filter_var($asciiHostName, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
return false;
}
// Optional: regex for stricter validation (if needed)
// Optional: regex for stricter validation (on Punycode format)
return preg_match(
'/^([a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$/',
$hostName
$asciiHostName
);
}