Rails update, request validation

2025-07-25 03:58:27 +02:00 · 2014-07-03 16:08:53 +03:00 · 2014-07-03 16:08:53 +03:00 · 4684b311a2
commit 4684b311a2
parent 4744a35dd9
13 changed files with 1047 additions and 70 deletions
--- a/app/controllers/concerns/epp/common.rb
+++ b/app/controllers/concerns/epp/common.rb
@ -3,6 +3,7 @@ module Epp::Common

  included do
    protect_from_forgery with: :null_session
+    before_action :validate_request, only: [:proxy]
  end

  def proxy
@ -25,4 +26,15 @@ module Epp::Common
  def current_epp_user
    @current_epp_user ||= EppUser.find(epp_session[:epp_user_id]) if epp_session[:epp_user_id]
  end
+
+  def validate_request
+    xsd = Nokogiri::XML::Schema(File.read('doc/schemas/epp-1.0.xsd'))
+    doc = Nokogiri::XML(params[:frame])
+    @extValues = xsd.validate(doc)
+    if @extValues.any?
+      @code = '2001'
+      @msg = 'Command syntax error'
+      render '/epp/error' and return
+    end
+  end
 end
--- a/app/controllers/epp/errors_controller.rb
+++ b/app/controllers/epp/errors_controller.rb
@ -2,6 +2,7 @@ class Epp::ErrorsController < ApplicationController
  include Epp::Common

  def error
+    @code, @msg = params[:code], params[:msg]
    render '/epp/error'
  end
 end