Browse code
more robust SRV record filter, disallow multiple :, negative and too high port numbers
Hanno Böck authored on07/05/2020 11:46:41 Showing1 changed files
| ... | ... |
@@ -345,13 +345,13 @@ function save_dns_record($id, $record) |
| 345 | 345 |
if (! $record['data']) {
|
| 346 | 346 |
system_failure('SRV target missing');
|
| 347 | 347 |
} |
| 348 |
- $data = explode(':', $record['data'], 2);
|
|
| 348 |
+ $data = explode(':', $record['data']);
|
|
| 349 | 349 |
if (count($data) != 2) {
|
| 350 | 350 |
system_failure('Das eingegebene Ziel war nicht im Format hostname:port');
|
| 351 | 351 |
} |
| 352 | 352 |
list($hostname, $port) = $data; |
| 353 | 353 |
verify_input_hostname($hostname); |
| 354 |
- if ($port != (int) $port || $port == 0) {
|
|
| 354 |
+ if ($port !== (string)(int) $port || (int)$port < 1 || (int)$port > 65535) {
|
|
| 355 | 355 |
system_failure('Ungültige Portnummer');
|
| 356 | 356 |
} |
| 357 | 357 |
$record['ip'] = null; |