Ensure domains are not too long

Miraty 2023-04-21 19:01:46 +02:00
parent d51f9dfac3
commit 813927e03e
4 changed files with 8 additions and 5 deletions


@ -8,7 +8,8 @@ function parseZoneFile($zone_content, $types, $filter_domain = false) {
$elements = preg_split('/[\t ]+/', $zone_line, 4);
if ($filter_domain !== false AND !str_ends_with($elements[0], $filter_domain))
continue; // Ignore records for other domains
if (!in_array($elements[2], $types, true)) continue; // Ignore records generated by Knot
if (!in_array($elements[2], $types, true))
continue; // Ignore records generated by Knot
array_push($parsed_zone_content, array_map('htmlspecialchars', $elements));
}
return $parsed_zone_content;
@ -63,7 +64,7 @@ function checkIpFormat($ip) {
}
function checkAbsoluteDomainFormat($domain) { // If the domain must end with a dot
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR preg_match('/^([a-z0-9_-]{1,63}\.){2,127}$/D', $domain) !== 1)
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){2,127}$/D', $domain) !== 1)
output(403, _('Domain malformed.'));
}
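Review bot: The `254` in the lookahead added to `checkAbsoluteDomainFormat` is an unexplained magic number, and the length rule is now buried inside an already dense pattern. A comment above the `if`, such as `// 253 characters of name plus the trailing root dot`, would record where the bound comes from. A separate `strlen($domain) > 254` test before the regex would state the same limit more readably. The same literal is repeated in `checkDomainFormat` in the next file, so a shared constant would keep the two from drifting apart.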


@ -22,9 +22,11 @@ function htSetupUserFs($id) {
output(500, 'Can\'t create Tor keys directory.');
}
function checkDomainFormat($domain) {
// If the domain must end without a dot
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/D', $domain))
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/D', $domain))
output(403, _('Domain malformed.'));
}
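Review bot: The lookahead added to `checkDomainFormat` allows up to 254 characters, but this function handles names without the trailing dot, where the usual DNS limit is 253 characters. 254 is the bound for the dotted form checked in `checkAbsoluteDomainFormat`. The preceding `filter_var($domain, FILTER_VALIDATE_DOMAIN)` call probably still rejects the extra character, so this is likely not reachable in practice. The regex should still carry the correct bound on its own: `(?=^.{1,253}$)`.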


@ -17,7 +17,7 @@ if (isset($_POST['zone-content'])) { // Update zone
output(403, sprintf(_('The zone is limited to %s characters.'), ZONE_MAX_CHARACTERS));
foreach (explode("\r\n", $_POST['zone-content']) as $line) {
if ($line === '') continue;
if (preg_match('/^(?<domain>[a-z0-9@._-]+)(?:[\t ]+(?<ttl>[0-9]{1,16}))?(?:[\t ]+IN)?[\t ]+(?<type>[A-Z]{1,16})[\t ]+(?<value>.+)$/D', $line, $matches) !== 1)
if (preg_match('/^(?<domain>[a-z0-9@._-]{1,256})(?:[\t ]+(?<ttl>[0-9]{1,16}))?(?:[\t ]+IN)?[\t ]+(?<type>[A-Z]{1,16})[\t ]+(?<value>.+)$/D', $line, $matches) !== 1)
output(403, _('The following line does not match the expected format: ') . '<code>' . htmlspecialchars($line) . '</code>');
if (in_array($matches['type'], ALLOWED_TYPES, true) !== true)
output(403, sprintf(_('The %s type is not allowed.'), '<code>' . $matches['type'] . '</code>'));
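Review bot: The new `{1,256}` bound on the `domain` group does not match the 254-character limit this commit puts in `checkAbsoluteDomainFormat`. The class `[a-z0-9@._-]` also still accepts strings that are not valid names, for example consecutive dots. Use the same limit here, `(?<domain>[a-z0-9@._-]{1,254})`, or better, pass `$matches['domain']` through the existing domain check once `@` and relative names have been expanded. The loop body continues past the end of this hunk, so such a check may already exist further down.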


@ -6,7 +6,7 @@
<br>
<label for="tag"><?= _('Tag') ?></label>
<br>
<input id="tag" minlenght="1" maxlength="128" pattern="^[a-z]{1,128}$" placeholder="issue" name="tag" type="text">
<input id="tag" minlenght="1" maxlength="128" pattern="^[a-z]{1,127}$" placeholder="issue" name="tag" type="text">
<br>
<label for="value"><?= _('Value') ?></label>
<br>
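Review bot: The pattern now caps the tag at 127 characters while `maxlength="128"` on the same `<input>` was left unchanged, and `minlenght` is misspelled, so the browser ignores that attribute. Suggested line: `<input id="tag" minlength="1" maxlength="127" pattern="^[a-z]{1,127}$" placeholder="issue" name="tag" type="text">`. These attributes are only a client-side hint. The handler that receives `tag` has to enforce the same 1–127 `[a-z]` rule, and that handler is not part of this hunk.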