From b14ab6b1c1dcb4b3ca2995a498600d81527a04f6 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Wed, 18 May 2016 10:35:47 +0200
Subject: [PATCH] validate record/label in dns-editor; better escaping for soa-admin mail
Signed-off-by: Michael Kaufmann (d00p)
---
 dns_editor.php | 19 ++++++++++++++++++-
 .../dns/function.createDomainZone.php | 9 ++++++++-
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/dns_editor.php b/dns_editor.php
index bc9726a3..6dd50fb7 100644
--- a/dns_editor.php
+++ b/dns_editor.php
@@ -51,7 +51,24 @@ if ($action == 'add_record' && ! empty($_POST)) {
 $record = strtolower($record);
- // TODO regex validate record and content for invalid characters
+ if ($record != '@' && $record != '*')
+ {
+ // validate record
+ if (strpos($record, '--') !== false) {
+ $errors[] = $lng['error']['domain_nopunycode'];
+ }
+ else
+ {
+ $record = $idna_convert->encode($record);
+ $check_dom = $record.'.example.com';
+ if (!validateDomain($check_dom))
+ {
+ $errors[] = sprintf($lng['error']['subdomainiswrong'], $idna_convert->decode($record));
+ }
+ }
+ }
+
+ // TODO regex validate content for invalid characters
 if ($ttl <= 0) {
 $ttl = 18000;
diff --git a/lib/functions/dns/function.createDomainZone.php b/lib/functions/dns/function.createDomainZone.php
index 8a42efb8..f7baed6e 100644
--- a/lib/functions/dns/function.createDomainZone.php
+++ b/lib/functions/dns/function.createDomainZone.php
@@ -266,7 +266,7 @@ function createDomainZone($domain_id, $froxlorhostname = false)
 }
 // TODO for now, dummy time-periods
- $soa_content = $primary_ns . " " . str_replace('@', '.', Settings::Get('panel.adminmail')) . ". (" . PHP_EOL;
+ $soa_content = $primary_ns . " " . escapeSoaAdminMail(Settings::Get('panel.adminmail')) . " (" . PHP_EOL;
 $soa_content .= $domain['bindserial'] . "\t; serial" . PHP_EOL;
 $soa_content .= "1800\t; refresh (30 mins)" . PHP_EOL;
 $soa_content .= "900\t; retry (15 mins)" . PHP_EOL;
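Review bot: In the `dns_editor.php` hunk the new checks cover only `$record`; the rewritten TODO confirms that the record content is still accepted without any character validation. Assuming that value is later written into the generated zone (not visible here), a line break, `;` or an unbalanced quote or parenthesis in it could change how the following records are parsed. Until per-type validation exists, a minimal guard beside the new block could push an entry onto `$errors` when `preg_match('/[\x00-\x1f\x7f]/', $content)` matches, where `$content` stands for whichever variable holds the posted content. The `add_record` branch begins and ends outside this hunk.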
@@ -302,3 +302,10 @@ function encloseTXTContent($txt_content, $isMultiLine = false)
 }
 return $txt_content;
 }
+
+function escapeSoaAdminMail($email)
+{
+ $mail_parts = explode("@", $email);
+ $escpd_mail = str_replace(".", "\.", $mail_parts[0]).".".$mail_parts[1].".";
+ return $escpd_mail;
+}
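Review bot: `escapeSoaAdminMail()` reads `$mail_parts[1]` without checking what `explode()` returned, so a `panel.adminmail` value with no `@` raises an undefined-offset notice and produces a name ending in `..`, and a value with more than one `@` silently drops everything after the second part. Only `.` is escaped in the local part, so a backslash already present there passes through unescaped. Splitting at the last `@` and escaping `\` before `.` covers both, as sketched below; the value is used on the `$soa_content` line of `createDomainZone()` in the previous hunk. A short docblock saying that the result is an absolute name with a trailing dot would also help callers.

```php
function escapeSoaAdminMail($email)
{
    // split at the last "@" so a quoted local part containing "@" keeps the real domain
    $at = strrpos($email, '@');
    if ($at === false) {
        // no "@": keep the value as one name, as the previous str_replace() call did
        return $email . '.';
    }
    $local = substr($email, 0, $at);
    $domain = substr($email, $at + 1);
    // escape the escape character first, then the label separator
    $local = str_replace(array('\\', '.'), array('\\\\', '\\.'), $local);
    return $local . '.' . $domain . '.';
}
```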