Fix quoting of TXT and SPF records

Mark Schouten 2016-11-18 17:00:18 +01:00
parent 42b247d5c0
commit ae00aa8ed9


@ -12,10 +12,12 @@ if (!is_csrf_safe()) {
jtable_respond(null, 'error', "Authentication required"); jtable_respond(null, 'error', "Authentication required");
} }
$quoteus = array('TXT', 'SPF');
/* This function is taken from: /* This function is taken from:
http://pageconfig.com/post/how-to-validate-ascii-text-in-php and got fixed by http://pageconfig.com/post/how-to-validate-ascii-text-in-php and got fixed by
#powerdns */ #powerdns */
function is_ascii($string) { function is_ascii($string) {
return ( bool ) ! preg_match( '/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\\x80-\\xff]/' , $string ); return ( bool ) ! preg_match( '/[\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f\\x80-\\xff]/' , $string );
} }
@ -140,6 +142,16 @@ function get_zone_account($zonename, $default) {
return $default; return $default;
} }
function quote_content($content) {
# empty TXT records are ok, otherwise require surrounding quotes: "..."
if (strlen($content) == 1 || substr($content, 0, 1) !== '"' || substr($content, -1) !== '"') {
# fix quoting: first escape all \, then all ", then surround with quotes.
$content = '"'.str_replace('"', '\\"', str_replace('\\', '\\\\', $content)).'"';
}
return $content;
}
function check_account($zone) { function check_account($zone) {
return is_adminuser() or ($zone->account === get_sess_user()); return is_adminuser() or ($zone->account === get_sess_user());
} }
@ -390,12 +402,8 @@ case "createrecord":
jtable_respond(null, 'error', "Please only use ASCII-characters in your fields"); jtable_respond(null, 'error', "Please only use ASCII-characters in your fields");
} }
if ($type === 'TXT') { if (array_search($type, $quoteus) !== FALSE) {
# empty TXT records are ok, otherwise require surrounding quotes: "..." $content = quote_content($content);
if (strlen($content) == 1 || substr($content, 0, 1) !== '"' || substr($content, -1) !== '"') {
# fix quoting: first escape all \, then all ", then surround with quotes.
$content = '"'.str_replace('"', '\\"', str_replace('\\', '\\\\', $content)).'"';
}
} }
$record = $zone->addRecord($name, $type, $content, $_POST['disabled'], $_POST['ttl'], $_POST['setptr']); $record = $zone->addRecord($name, $type, $content, $_POST['disabled'], $_POST['ttl'], $_POST['setptr']);
@ -415,11 +423,17 @@ case "editrecord":
$rrset = $zone->getRRSet($old_record['name'], $old_record['type']); $rrset = $zone->getRRSet($old_record['name'], $old_record['type']);
$rrset->deleteRecord($old_record['content']); $rrset->deleteRecord($old_record['content']);
$zone->addRecord($_POST['name'], $_POST['type'], $_POST['content'], $_POST['disabled'], $_POST['ttl'], $_POST['setptr']);
$content = $_POST['content'];
if (array_search($type, $quoteus) !== FALSE) {
$content = quote_content($content);
}
$zone->addRecord($_POST['name'], $_POST['type'], $content, $_POST['disabled'], $_POST['ttl'], $_POST['setptr']);
$api->savezone($zone->export()); $api->savezone($zone->export());
$record = $zone->getRecord($_POST['name'], $_POST['type'], $_POST['content']); $record = $zone->getRecord($_POST['name'], $_POST['type'], $content);
writelog("Updated record ".$_POST['id']." to ".$record['id']); writelog("Updated record ".$_POST['id']." to ".$record['id']);
jtable_respond($record, 'single'); jtable_respond($record, 'single');
break; break;
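Review bot: In the editrecord hunk the quoting decision tests `$type`, while every other new line there reads `$_POST['type']`. No assignment of `$type` is visible in this case branch, which starts outside the hunk, so if it is not set earlier the test is false for every request and edited TXT/SPF content is saved unquoted. Tie the check to the value that is actually passed to `addRecord` and make the comparison strict: `if (in_array($_POST['type'], $quoteus, true)) {`. The same `in_array(..., true)` form would fit the createrecord check, since `array_search` compares loosely by default.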