From fe9a23f542bc56c1c0b6dc30257418e38ff7bd3a Mon Sep 17 00:00:00 2001
From: ftimme <ft@falkotimme.com>
Date: Sat, 08 Jun 2013 18:57:40 -0400
Subject: [PATCH] - Fixed FS#2936 - Please check and limit username input length.

---
 interface/web/dns/dns_wizard.php |   15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index 216e084..aa3a1e5 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -133,17 +133,20 @@
 	$error = '';
 	
 	if(isset($_POST['domain']) && $_POST['domain'] == '') $error .= $app->lng('error_domain_empty').'<br />';
+	elseif(isset($_POST['domain']) && !preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z0-9\-]{2,30}$/',$_POST['domain'])) $error .= $app->lng('error_domain_regex').'<br />';
+
 	if(isset($_POST['ip']) && $_POST['ip'] == '') $error .= $app->lng('error_ip_empty').'<br />';
+
 	if(isset($_POST['ns1']) && $_POST['ns1'] == '') $error .= $app->lng('error_ns1_empty').'<br />';
+	elseif(isset($_POST['ns1']) && !preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z0-9]{2,30}$/',$_POST['ns1'])) $error .= $app->lng('error_ns1_regex').'<br />';
+
 	if(isset($_POST['ns2']) && $_POST['ns2'] == '') $error .= $app->lng('error_ns2_empty').'<br />';
+	elseif(isset($_POST['ns2']) && !preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z0-9]{2,30}$/',$_POST['ns2'])) $error .= $app->lng('error_ns2_regex').'<br />';
+
 	if(isset($_POST['email']) && $_POST['email'] == '') $error .= $app->lng('error_email_empty').'<br />';
+	elseif(isset($_POST['email']) && !preg_match('/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z0-9\-]{2,30}$/i',$_POST['email'])) $error .= $app->lng('error_email_regex').'<br />';
 	
-	if(isset($_POST['domain']) && !preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z0-9\-]{2,30}[\.]{0,1}$/',$_POST['domain'])) $error .= $app->lng('error_domain_regex').'<br />';
-	if(isset($_POST['ns1']) && !preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z0-9]{2,30}[\.]{0,1}$/',$_POST['ns1'])) $error .= $app->lng('error_ns1_regex').'<br />';
-	if(isset($_POST['ns2']) && !preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z0-9]{2,30}[\.]{0,1}$/',$_POST['ns2'])) $error .= $app->lng('error_ns2_regex').'<br />';
-	if(isset($_POST['email']) && !preg_match('/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z0-9\-]{2,30}$/i',$_POST['email'])) $error .= $app->lng('error_email_regex').'<br />';
-	
-	// make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
+	// make sure that the record belongs to the client group and not the admin group when admin inserts it
 	if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($_POST['client_group_id'])) {
 		$sys_groupid = $app->functions->intval($_POST['client_group_id']);
 	} elseif($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($_POST['client_group_id'])) {

--
Gitblit v1.9.1