bug 1412: adding check for IPs as domain names
authorFelix Dörre <felix@dogcraft.de>
Tue, 23 Feb 2016 20:44:45 +0000 (21:44 +0100)
committerFelix Dörre <felix@dogcraft.de>
Tue, 23 Feb 2016 20:54:21 +0000 (21:54 +0100)
additionally adding check for valid domains on domain registration, not only on certificate issuance.

includes/account.php
includes/general.php

index b1ab984..5d45602 100644 (file)
@@ -535,6 +535,13 @@ function buildSubjectFromSession() {
                        exit;
                }
 
+               if(!isValidWildcard($_REQUEST['newdomain']) || strstr($_REQUEST['newdomain'],"*") !== false) {
+                       showheader(_("My CAcert.org Account!"));
+                       echo _("Your domain is not valid.");
+                       showfooter();
+                       exit;
+               }
+
                list($newdomain) = explode(" ", $_REQUEST['newdomain'], 2); // Ignore the rest
                while($newdomain['0'] == '-')
                        $newdomain = substr($newdomain, 1);
index f84ae5b..cd6d910 100644 (file)
                if(!preg_match('/^(\\.(?!-)[a-z0-9_-]*[a-z0-9])+$/i','.'.$name)){
                        return false;
                }
+               if(preg_match('/^(\\.[0-9]*)+$/i','.'.$name)){
+                       return false;
+               }
                return strpos($name, "*") === false;
        }