From fa869fef7561dd0f783825d43e94e53d69f0ac27 Mon Sep 17 00:00:00 2001
From: Pinga <121483313+getpinga@users.noreply.github.com>
Date: Wed, 24 Jan 2024 14:01:02 +0200
Subject: [PATCH] Small EPP server fixes

---
 epp/src/helpers.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/epp/src/helpers.php b/epp/src/helpers.php
index 3c4a879..a447386 100644
--- a/epp/src/helpers.php
+++ b/epp/src/helpers.php
@@ -98,7 +98,7 @@ function sendGreeting($conn) {
 
 function sendEppError($conn, $db, $code, $msg, $clTRID = "000", $trans = "0") {
     if (!isset($clTRID)) {
-        $clTRID = "000";
+        $clTRID = 'client-not-provided-' . bin2hex(random_bytes(8));
     }
     if (!isset($trans)) {
         $trans = "0";
@@ -190,10 +190,10 @@ function validate_label($label, $pdo) {
         return 'You must enter a domain name';
     }
     if (strlen($label) > 63) {
-        return 'Total lenght of your domain must be less then 63 characters';
+        return 'Total length of your domain must be less then 63 characters';
     }
     if (strlen($label) < 2) {
-        return 'Total lenght of your domain must be greater then 2 characters';
+        return 'Total length of your domain must be greater then 2 characters';
     }
     if (strpos($label, 'xn--') === false && preg_match("/(^-|^\.|-\.|\.-|--|\.\.|-$|\.$)/", $label)) {
         return 'Invalid domain name format, cannot begin or end with a hyphen (-)';
@@ -337,6 +337,11 @@ function createTransaction($db, $clid, $clTRID, $clTRIDframe) {
         $clTRID = 'client-not-provided-' . bin2hex(random_bytes(8));  // Generates a 16 character hexadecimal string
     }
 
+    if (empty($clid)) {
+        // If $clid is empty, throw an exception
+        throw new Exception("Malformed command received.");
+    }
+
     // Execute the statement
     if (!$stmt->execute([
         $clid,