Browse code

Umstellung von filter_input_general() auf filter_output_html()

Bernd Wurst authored on 21/09/2019 17:07:48
Showing 1 changed files
... ...
@@ -30,10 +30,10 @@ $request = idn_to_utf8($_REQUEST['domain'], 0, INTL_IDNA_VARIANT_UTS46);
30 30
 if (substr($request, 0, 4) == 'www.') {
31 31
     $request = str_replace('www.', '', $request);
32 32
 }
33
-verify_input_general($request);
33
+verify_input_hostname_utf8($request);
34 34
 $punycode = idn_to_ascii($request, 0, INTL_IDNA_VARIANT_UTS46);
35 35
 if (!check_domain($punycode)) {
36
-    warning("Ungültiger Domainname: ".filter_input_general($request));
36
+    warning("Ungültiger Domainname: ".filter_output_html($request));
37 37
     redirect('');
38 38
 }
39 39
 
Browse code

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on 26/06/2018 13:58:19
Showing 1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -40,5 +40,3 @@ if (!check_domain($punycode)) {
40 40
 $id = insert_domain_external($request, ($_REQUEST['dns'] === 'enable'), ($_REQUEST['email'] === 'enable'));
41 41
 
42 42
 redirect('detail?id='.$id);
43
-
44
-
Browse code

hardening domain input (II)

Bernd Wurst authored on 06/02/2018 17:55:49
Showing 1 changed files
... ...
@@ -26,8 +26,18 @@ $section='domains_domains';
26 26
 if (!isset($_REQUEST['domain'])) {
27 27
     system_failure('Kein Domainname übergeben');
28 28
 }
29
+$request = idn_to_utf8($_REQUEST['domain'], 0, INTL_IDNA_VARIANT_UTS46);
30
+if (substr($request, 0, 4) == 'www.') {
31
+    $request = str_replace('www.', '', $request);
32
+}
33
+verify_input_general($request);
34
+$punycode = idn_to_ascii($request, 0, INTL_IDNA_VARIANT_UTS46);
35
+if (!check_domain($punycode)) {
36
+    warning("Ungültiger Domainname: ".filter_input_general($request));
37
+    redirect('');
38
+}
29 39
 
30
-$id = insert_domain_external($_REQUEST['domain'], ($_REQUEST['dns'] === 'enable'), ($_REQUEST['email'] === 'enable'));
40
+$id = insert_domain_external($request, ($_REQUEST['dns'] === 'enable'), ($_REQUEST['email'] === 'enable'));
31 41
 
32 42
 redirect('detail?id='.$id);
33 43
 
Browse code

Erste Vorbereitungen für Domainregistrierung

Bernd Wurst authored on 02/02/2018 05:25:41
Showing 1 changed files
... ...
@@ -29,6 +29,6 @@ if (!isset($_REQUEST['domain'])) {
29 29
 
30 30
 $id = insert_domain_external($_REQUEST['domain'], ($_REQUEST['dns'] === 'enable'), ($_REQUEST['email'] === 'enable'));
31 31
 
32
-redirect('verify?id='.$id);
32
+redirect('detail?id='.$id);
33 33
 
34 34
 
Browse code

Wenn die E-Mail-Funktion komplett abgeschaltet ist, wird die Domain nicht mehr als unbestätigt markiert.

Bernd Wurst authored on 30/01/2018 09:12:00
Showing 1 changed files
... ...
@@ -27,7 +27,7 @@ if (!isset($_REQUEST['domain'])) {
27 27
     system_failure('Kein Domainname übergeben');
28 28
 }
29 29
 
30
-$id = insert_domain_external($_REQUEST['domain'], ($_REQUEST['dns'] === 'enable'));
30
+$id = insert_domain_external($_REQUEST['domain'], ($_REQUEST['dns'] === 'enable'), ($_REQUEST['email'] === 'enable'));
31 31
 
32 32
 redirect('verify?id='.$id);
33 33
 
Browse code

Ermögliche das Hinzufügen externer Domains

Bernd Wurst authored on 28/01/2018 07:23:10
Showing 1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,34 @@
1
+<?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
16
+
17
+require_once('inc/security.php');
18
+require_once('inc/icons.php');
19
+
20
+require_once('domains.php');
21
+require_role(ROLE_CUSTOMER);
22
+
23
+title("Externe Domain hinzufügen");
24
+$section='domains_domains';
25
+
26
+if (!isset($_REQUEST['domain'])) {
27
+    system_failure('Kein Domainname übergeben');
28
+}
29
+
30
+$id = insert_domain_external($_REQUEST['domain'], ($_REQUEST['dns'] === 'enable'));
31
+
32
+redirect('verify?id='.$id);
33
+
34
+