zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-07-03 01:23:22 +02:00
Code Issues Projects Releases Packages Wiki Activity

Sanitize and validate

Browse source
This commit is contained in:
Pinga 2023-12-14 09:50:48 +02:00
parent 0e135befc2
commit e00a2985e9
6 changed files with 141 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
cp/app/Controllers/SystemController.php
View file

@ -459,6 +459,13 @@ class SystemController extends Controller
$db = $this->container->get('db');
if ($args) {
$args = trim($args);
if (!preg_match('/^\.[a-zA-Z0-9]+(\.[a-zA-Z0-9]+)?[^\.]$/', $args)) {
$this->container->get('flash')->addMessage('error', 'Invalid TLD format');
return $response->withHeader('Location', '/registry/tlds')->withStatus(302);
}
$validators = [
'extension' => v::stringType()->notEmpty()->length(3, 64),
'createm0' => v::numericVal()->between(0.00, 9999999.99, true),
@ -743,6 +750,13 @@ class SystemController extends Controller
$uri = $request->getUri()->getPath();
if ($args) {
$args = trim($args);
if (!preg_match('/^\.[a-zA-Z0-9]+(\.[a-zA-Z0-9]+)?[^\.]$/', $args)) {
$this->container->get('flash')->addMessage('error', 'Invalid TLD format');
return $response->withHeader('Location', '/registry/tlds')->withStatus(302);
}
$tld = $db->selectRow('SELECT id, tld, idn_table, secure FROM domain_tld WHERE tld = ?',
[ $args ]);