From 1abfadf28cf9107094b2eff8e633e9f7648a3fb3 Mon Sep 17 00:00:00 2001
From: Mark Schouten <mark@tuxis.nl>
Date: Thu, 22 May 2014 13:57:15 +0200
Subject: [PATCH] Reject non-ASCII-chars and escape quotes in TXT-records

---
 htdocs/zones.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/htdocs/zones.php b/htdocs/zones.php
index c1c0888..8570d89 100644
--- a/htdocs/zones.php
+++ b/htdocs/zones.php
@@ -45,6 +45,16 @@ function _create_record($name, $records, $input, $zoneurl) {
     global $defaults;
 
     $content = ($input['type'] == "TXT") ? '"'.$input['content'].'"' : $input['content'];
+
+    if (is_ascii($content) === FALSE or is_ascii($input['name']) === FALSE) {
+        _jtable_respond(null, 'error', "Please only use ASCII-characters in your fields");
+    }
+
+    if (preg_match('/^TXT$/', $input['type'])) {
+        $content = addslashes($input['content']);
+        $content = '"'.$content.'"';
+    }
+
     array_push($records, array(
         'disabled' => false,
         'type' => $input['type'],
@@ -66,6 +76,14 @@ function _create_record($name, $records, $input, $zoneurl) {
     return $records;
 }
 
+/* This function is taken from:
+http://pageconfig.com/post/how-to-validate-ascii-text-in-php and got fixed by
+#powerdns */
+
+function is_ascii( $string = '' ) {
+    return ( bool ) ! preg_match( '/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\\x80-\\xff]/' , $string );
+}
+
 function getrecords_by_name_type($zoneurl, $name, $type) {
     $zone = json_decode(_do_curl($zoneurl), 1);
     $records = array();