Sanitize and validate

Pinga 2023-12-14 09:50:48 +02:00
parent 0e135befc2
commit e00a2985e9
6 changed files with 141 additions and 7 deletions


@ -298,6 +298,13 @@ class RegistrarsController extends Controller
$uri = $request->getUri()->getPath();
if ($args) {
$args = trim(preg_replace('/\s+/', ' ', $args));
if (!preg_match('/^[a-zA-Z0-9\s]+$/', $args)) {
$this->container->get('flash')->addMessage('error', 'Invalid registrar');
return $response->withHeader('Location', '/registrars')->withStatus(302);
}
$registrar = $db->selectRow('SELECT * FROM registrar WHERE name = ?',
[ $args ]);
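Review bot: The allowlist `/^[a-zA-Z0-9\s]+$/` added before the name lookup may be narrower than the names actually stored, so a registrar whose name contains a hyphen, dot, ampersand or non-ASCII letter would presumably become unreachable through this route and only ever show "Invalid registrar". The lookup right after it already binds `$args` through a `?` placeholder, so this check is defence in depth rather than the injection barrier; it should mirror whatever rule the create/update path enforces on `name`, ideally through one shared validator. Because whitespace has already been collapsed to single spaces, the pattern can be tightened to `/^[a-zA-Z0-9 ]+\z/` (unlike `$`, `\z` never matches before a trailing newline), and a maximum length would be worth adding. The same points on anchoring and a shared validator apply to the `clid` check in the second hunk (`/^[a-z0-9]+$/`). Both enclosing methods start and end outside the hunks.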
@ -367,6 +374,13 @@ class RegistrarsController extends Controller
$uri = $request->getUri()->getPath();
if ($args) {
$args = trim($args);
if (!preg_match('/^[a-z0-9]+$/', $args)) {
$this->container->get('flash')->addMessage('error', 'Invalid registrar');
return $response->withHeader('Location', '/registrars')->withStatus(302);
}
$registrar = $db->selectRow('SELECT * FROM registrar WHERE clid = ?',
[ $args ]);