Allow latin only characters #2613

app/controllers/epp_controller.rb

@@ -5,6 +5,7 @@ class EppController < ApplicationController
   skip_before_action :verify_authenticity_token
 
   before_action :generate_svtrid
+  before_action :latin_only
   before_action :validate_request
   before_action :update_epp_session
   helper_method :current_user
@@ -106,6 +107,14 @@ class EppController < ApplicationController
     write_to_epp_log
   end
 
+  # VALIDATION
+  def latin_only
+    return true if params['frame'].blank?
+    return true if params['frame'].match(/\A[\p{Latin}\p{Z}\p{P}\p{S}\p{Cc}\p{Cf}\w_\'\+\-\.\(\)\/]*\Z/i)
+    render_epp_response '/epp/latin_error'
+    false
+  end
+
   # VALIDATION
   def validate_request
     validation_method = "validate_#{params[:action]}"

app/views/epp/latin_error.xml.builder

@@ -0,0 +1,8 @@
+xml.epp_head do
+  xml.response do
+    xml.result('code' => '2306') do
+      xml.msg('Parameter value policy error. Allowed only Latin characters.', 'lang' => 'en')
+    end
+    render('epp/shared/trID', builder: xml)
+  end
+end

spec/epp/session_spec.rb

@@ -55,6 +55,14 @@ describe 'EPP Session', epp: true do
       response[:clTRID].should be_nil
     end
 
+    it 'should return latin only error' do
+      wrong_user = @epp_xml.session.login(clID: { value: '你好你好' }, pw: { value: 'ghyt9e4fu' })
+      response = epp_plain_request(wrong_user)
+      response[:msg].should == 'Parameter value policy error. Allowed only Latin characters.'
+      response[:result_code].should == '2306'
+      response[:clTRID].should == 'ABC-12345'
+    end
+
     context 'with valid user' do
       it 'logs in epp user' do
         response = epp_plain_request(@login_xml_cache)