From 9b89182d4e71dee30a69793a6c714941d8bc16cc Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Tue, 19 Jan 2010 10:53:43 -0500
Subject: [PATCH] Improved input checks in the DNS wizard. Related to: FS#939 - DNS Bug

---
 interface/web/dns/lib/lang/en_dns_wizard.lng |    5 ++++-
 interface/web/dns/dns_wizard.php             |    5 +++++
 2 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index 794065c..4d0a2c9 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -137,6 +137,11 @@
 	if(isset($_POST['ns2']) && $_POST['ns2'] == '') $error .= $app->lng('error_ns2_empty').'<br />';
 	if(isset($_POST['email']) && $_POST['email'] == '') $error .= $app->lng('error_email_empty').'<br />';
 	
+	if(!preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z]{2,10}[\.]{0,1}$/',$_POST['domain'])) $error .= $app->lng('error_domain_regex').'<br />';
+	if(!preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z]{2,10}[\.]{0,1}$/',$_POST['ns1'])) $error .= $app->lng('error_ns1_regex').'<br />';
+	if(!preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z]{2,10}[\.]{0,1}$/',$_POST['ns2'])) $error .= $app->lng('error_ns2_regex').'<br />';
+	if(!preg_match('/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i',$_POST['email'])) $error .= $app->lng('error_email_regex').'<br />';
+	
 	// make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
 	if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($_POST['client_group_id'])) {
 		$sys_groupid = intval($_POST['client_group_id']);
diff --git a/interface/web/dns/lib/lang/en_dns_wizard.lng b/interface/web/dns/lib/lang/en_dns_wizard.lng
index e8351cb..2f9f914 100644
--- a/interface/web/dns/lib/lang/en_dns_wizard.lng
+++ b/interface/web/dns/lib/lang/en_dns_wizard.lng
@@ -23,5 +23,8 @@
 $wb['error_ns1_empty'] = 'NS1 empty.';
 $wb['error_ns2_empty'] = 'NS2 empty.';
 $wb['error_email_empty'] = 'EMail empty.';
-
+$wb['error_domain_regex'] = 'Domain contains invalid characters.';
+$wb['error_ns1_regex'] = 'NS1 contains invalid characters.';
+$wb['error_ns2_regex'] = 'NS2 contains invalid characters.';
+$wb['error_email_regex'] = 'Email does not contain a valid email address.';
 ?>
\ No newline at end of file

--
Gitblit v1.9.1