do not allow punycode input in domain-names

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2016-05-18 09:03:14 +02:00
parent b03eab897a
commit 41e4135f71
4 changed files with 18 additions and 7 deletions
--- a/admin_domains.php
+++ b/admin_domains.php
@@ -282,10 +282,23 @@ if ($page == 'domains' || $page == 'overview') {
 					standard_error('admin_domain_emailsystemhostname');
 				}

+				if (strpos($_POST['domain'], '--') !== false) {
+					standard_error('domain_nopunycode');
+				}
+
 				$domain = $idna_convert->encode(preg_replace(array(
 					'/\:(\d)+$/',
 					'/^https?\:\/\//'
 				), '', validate($_POST['domain'], 'domain')));
+
+				// Check whether domain validation is enabled and if, validate the domain
+				if (Settings::Get('system.validate_domain') && ! validateDomain($domain)) {
+					standard_error(array(
+						'stringiswrong',
+						'mydomain'
+					));
+				}
+
 				$subcanemaildomain = intval($_POST['subcanemaildomain']);

 				$isemaildomain = 0;
@@ -679,12 +692,6 @@ if ($page == 'domains' || $page == 'overview') {
 						'stringisempty',
 						'mydomain'
 					));
-				} // Check whether domain validation is enabled and if, validate the domain
-elseif (Settings::Get('system.validate_domain') && ! validateDomain($domain)) {
-					standard_error(array(
-						'stringiswrong',
-						'mydomain'
-					));
 				} elseif ($documentroot == '') {
 					standard_error(array(
 						'stringisempty',
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -556,7 +556,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
 	('panel', 'password_numeric', '0'),
 	('panel', 'password_special_char_required', '0'),
 	('panel', 'password_special_char', '!?<>§$%+#=@'),
-	('panel', 'version', '0.9.35.1'),
+	('panel', 'version', '0.9.36'),
 	('panel', 'db_version', '201604270');


--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -1988,3 +1988,5 @@ $lng['serversettings']['backupenabled']['description'] = "If activated, the cust
 $lng['extras']['path_protection_label'] = '<strong class="red">Important</strong>';
 $lng['extras']['path_protection_info'] = '<strong class="red">We strongly recommend protecting the given path, see "Extras" -> "Directory protection"</strong>';
 $lng['tasks']['backup_customerfiles'] = 'Backup job for customer %loginname%';
+
+$lng['error']['domain_nopunycode'] = 'You must not specify punycode (IDNA). The domain will automatically be converted';
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1641,3 +1641,5 @@ $lng['serversettings']['backupenabled']['description'] = "Wenn dies aktiviert is
 $lng['extras']['path_protection_label'] = '<strong class="red">Wichtig</strong>';
 $lng['extras']['path_protection_info'] = '<strong class="red">Wir raten dringend dazu den angegebenen Pfad zu schützen, siehe "Extras" -> "Verzeichnisschutz"</strong>';
 $lng['tasks']['backup_customerfiles'] = 'Datensicherung für Kunde %loginname%';
+
+$lng['error']['domain_nopunycode'] = 'Die Eingabe von Punycode (IDNA) ist nicht notwendig. Die Domain wird automatisch konvertiert.';