hardening the domain input (8a4acb5) - webinterface.git

hardening the domain input

Bernd Wurst commited on 2018-02-20 11:35:38
Zeige 3 geänderte Dateien mit 10 Einfügungen und 3 Löschungen.

class/domain.php 981f561..fbdccbc
inc/security.php 3c1ba3e..e9b6564
modules/domains/adddomain.php f2e96bb..1e05916

class/domain.php

@@ -70,7 +70,9 @@ class Domain
 
    function loadByName($name)
   {
-      $res = db_query("SELECT * FROM kundendaten.domains WHERE CONCAT_WS('.', domainname, tld)=?", array($name));
+      $raw = $name;
+      $utf8 = idn_to_utf8($raw, 0, INTL_IDNA_VARIANT_UTS46);
+      $res = db_query("SELECT * FROM kundendaten.domains WHERE CONCAT_WS('.', domainname, tld)=? OR CONCAT_WS('.', domainname, tld)=?", array($raw, $utf8));
       if ($res->rowCount() < 1)
          return false;
       $data = $res->fetch();

inc/security.php

Zeige Datei @ 8a4acb5

...	...	@@ -220,5 +220,5 @@ function check_emailaddr( $input )
220	220
221	221	function check_domain( $input )
222	222	{
223		- return (bool) preg_match("/[a-z0-9\.\-]+\.[a-z\-]{2,63}$/i", $input );
	223	+ return (bool) preg_match("/^[a-z0-9\.\-]+\.[a-z\-]{2,63}$/i", $input );
224	224	}

modules/domains/adddomain.php

Zeige Datei @ 8a4acb5

@@ -34,8 +34,13 @@ $form = '<p>Domainname: <input type="text" name="domain" size="50" /> <input typ
 output(html_form('adddomain_search', '', '', $form));
 
 if (isset($_REQUEST['domain'])) {
-    $request = $_REQUEST['domain'];
+    $request = idn_to_utf8($_REQUEST['domain'], 0, INTL_IDNA_VARIANT_UTS46);
     verify_input_general($request);
+    $punycode = idn_to_ascii($request, 0, INTL_IDNA_VARIANT_UTS46);
+    if (!check_domain($punycode)) {
+        warning("Ungültige Zeichen im Domainnamen!");
+        redirect('');
+    }
     if (substr($request, 0, 4) == 'www.') {
         $request = str_replace('www.', '', $request);
     }


...	...	@@ -70,7 +70,9 @@ class Domain
70	70
71	71	function loadByName($name)
72	72	{
73		- $res = db_query("SELECT * FROM kundendaten.domains WHERE CONCAT_WS('.', domainname, tld)=?", array($name));
	73	+ $raw = $name;
	74	+ $utf8 = idn_to_utf8($raw, 0, INTL_IDNA_VARIANT_UTS46);
	75	+ $res = db_query("SELECT * FROM kundendaten.domains WHERE CONCAT_WS('.', domainname, tld)=? OR CONCAT_WS('.', domainname, tld)=?", array($raw, $utf8));
74	76	if ($res->rowCount() < 1)
75	77	return false;
76	78	$data = $res->fetch();

...	...	@@ -34,8 +34,13 @@ $form = '<p>Domainname: <input type="text" name="domain" size="50" /> <input typ
34	34	output(html_form('adddomain_search', '', '', $form));
35	35
36	36	if (isset($_REQUEST['domain'])) {
37		- $request = $_REQUEST['domain'];
	37	+ $request = idn_to_utf8($_REQUEST['domain'], 0, INTL_IDNA_VARIANT_UTS46);
38	38	verify_input_general($request);
	39	+ $punycode = idn_to_ascii($request, 0, INTL_IDNA_VARIANT_UTS46);
	40	+ if (!check_domain($punycode)) {
	41	+ warning("Ungültige Zeichen im Domainnamen!");
	42	+ redirect('');
	43	+ }
39	44	if (substr($request, 0, 4) == 'www.') {
40	45	$request = str_replace('www.', '', $request);
41	46	}
42	47