]> git.ipfire.org Git - ipfire-2.x.git/commitdiff
projects / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 841d9da)
dns.cgi: Validate the TLS hostname irregardless of TLS being used
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 25 Sep 2025 15:29:35 +0000 (17:29 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 2 Oct 2025 16:55:58 +0000 (16:55 +0000)
That way, we won't have to perform escaping later on and can rely on
having a valid value.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
html/cgi-bin/dns.cgi patch | blob | blame | history

diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi
index a4f1c719e63933374822bd55a6c808f729eda322..883c7efb64abba25e899817e1d99b31f4c24d9c9 100644 (file)
--- a/html/cgi-bin/dns.cgi
+++ b/html/cgi-bin/dns.cgi
@@ -127,15 +127,17 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L
                $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}";
        }
 
+       # Check if the provided hostname is valid
+       if ($cgiparams{'TLS_HOSTNAME'} ne "") {
+               unless (&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
+                       $errormessage = "$Lang::tr{'invalid ip or hostname'}: " . &Header::escape($cgiparams{'TLS_HOSTNAME'});
+               }
+       }
+
        # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified.
-       elsif($settings{'PROTO'} eq "TLS") {
-               unless($cgiparams{"TLS_HOSTNAME"}) {
+       if ($settings{'PROTO'} eq "TLS") {
+               unless ($cgiparams{"TLS_HOSTNAME"}) {
                        $errormessage = "$Lang::tr{'dns no tls hostname given'}";
-               } else {
-                       # Check if the provided domain is valid.
-                       unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) {
-                               $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}";
-                       }
                }
        }
 
@@ -187,7 +189,6 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L
                }
 
                # Add/Modify the entry to/in the dns_servers hash.
-               $cgiparams{'TLS_HOSTNAME'} = &Header::escape($cgiparams{'TLS_HOSTNAME'});
                $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"];
 
                # Write the changed hash to the config file.
IPFire 2.x development tree