Browse code

hardening the domain input

Bernd Wurst authored on06/02/2018 17:38:01
Showing3 changed files
... ...
@@ -70,7 +70,9 @@ class Domain
70 70
 
71 71
    function loadByName($name)
72 72
   {
73
-      $res = db_query("SELECT * FROM kundendaten.domains WHERE CONCAT_WS('.', domainname, tld)=?", array($name));
73
+      $raw = $name;
74
+      $utf8 = idn_to_utf8($raw, 0, INTL_IDNA_VARIANT_UTS46);
75
+      $res = db_query("SELECT * FROM kundendaten.domains WHERE CONCAT_WS('.', domainname, tld)=? OR CONCAT_WS('.', domainname, tld)=?", array($raw, $utf8));
74 76
       if ($res->rowCount() < 1)
75 77
          return false;
76 78
       $data = $res->fetch();
... ...
@@ -220,5 +220,5 @@ function check_emailaddr( $input )
220 220
 
221 221
 function check_domain( $input )
222 222
 {
223
-  return (bool) preg_match("/[a-z0-9\.\-]+\.[a-z\-]{2,63}$/i", $input );
223
+  return (bool) preg_match("/^[a-z0-9\.\-]+\.[a-z\-]{2,63}$/i", $input );
224 224
 }
... ...
@@ -34,8 +34,13 @@ $form = '<p>Domainname: <input type="text" name="domain" size="50" /> <input typ
34 34
 output(html_form('adddomain_search', '', '', $form));
35 35
 
36 36
 if (isset($_REQUEST['domain'])) {
37
-    $request = $_REQUEST['domain'];
37
+    $request = idn_to_utf8($_REQUEST['domain'], 0, INTL_IDNA_VARIANT_UTS46);
38 38
     verify_input_general($request);
39
+    $punycode = idn_to_ascii($request, 0, INTL_IDNA_VARIANT_UTS46);
40
+    if (!check_domain($punycode)) {
41
+        warning("Ung├╝ltige Zeichen im Domainnamen!");
42
+        redirect('');
43
+    }
39 44
     if (substr($request, 0, 4) == 'www.') {
40 45
         $request = str_replace('www.', '', $request);
41 46
     }