beenull/servnest
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
servnest/fn/dns.php
Miraty 567034b8fe Fix regDeleteDomain security flaw + D regex modifier 
regDeleteDomain() in fn/reg.php used too loose pattern matching for data deletion, that also deleted other domains that included the deleted domain
2022-11-20 18:17:03 +01:00

75 lines
2.8 KiB
PHP
Raw Blame History

<?php
function knotcConfExec($cmds) {
exec(CONF['dns']['knotc_path'] . ' conf-begin', $output['begin'], $code['begin']);
if ($code['begin'] !== 0)
output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');
foreach ($cmds as $cmd) {
exec(CONF['dns']['knotc_path'] . ' conf-' . $cmd, $output['op'], $code['op']);
if ($code['op'] !== 0) {
exec(CONF['dns']['knotc_path'] . ' conf-abort');
output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
}
}
exec(CONF['dns']['knotc_path'] . ' conf-commit', $output['commit'], $code['commit']);
if ($code['commit'] !== 0) {
exec(CONF['dns']['knotc_path'] . ' conf-abort');
output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
}
}
function knotcZoneExec($zone, $cmd) {
$action = checkAction($_POST['action']);
exec(CONF['dns']['knotc_path'] . ' zone-begin ' . $zone, $output['begin'], $code['begin']);
if ($code['begin'] !== 0)
output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');
exec(CONF['dns']['knotc_path'] . ' zone-' . $action . 'set ' . $zone . ' ' . implode(' ', $cmd), $output['op'], $code['op']);
if ($code['op'] !== 0) {
exec(CONF['dns']['knotc_path'] . ' zone-abort ' . $zone);
output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
}
exec(CONF['dns']['knotc_path'] . ' zone-commit ' . $zone, $output['commit'], $code['commit']);
if ($code['commit'] !== 0) {
exec(CONF['dns']['knotc_path'] . ' zone-abort ' . $zone);
output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
}
}
function checkIpFormat($ip) {
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
return 'A';
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6))
return 'AAAA';
output(403, 'IP address malformed.');
}
function checkAbsoluteDomainFormat($domain) {
// If the domain must end with a dot
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^([a-z0-9_-]{1,63}\.){2,127}$/D', $domain))
output(403, 'Domain malformed.');
}
function formatEndWithDot($str) {
if (!str_ends_with($str, '.'))
$str .= '.';
return $str;
}
function formatAbsoluteDomain($domain) {
$domain = formatEndWithDot(strtolower($domain));
checkAbsoluteDomainFormat($domain);
return $domain;
}
function checkAction($action) {
return match ($action) {
'add' => '',
'delete' => 'un',
default => output(403, 'Wrong value for action.'),
};
}
Reference in a new issue View git blame Copy permalink