From 9a4fbd0bac49ee76006f732701c6fea8d2338f8a Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 25 Sep 2025 17:29:35 +0200 Subject: [PATCH] dns.cgi: Validate the TLS hostname irregardless of TLS being used That way, we won't have to perform escaping later on and can rely on having a valid value. Signed-off-by: Michael Tremer --- html/cgi-bin/dns.cgi | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/html/cgi-bin/dns.cgi b/html/cgi-bin/dns.cgi index a4f1c719e..883c7efb6 100644 --- a/html/cgi-bin/dns.cgi +++ b/html/cgi-bin/dns.cgi @@ -127,15 +127,17 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L $errormessage = "$Lang::tr{'invalid ip'}: $cgiparams{'NAMESERVER'}"; } + # Check if the provided hostname is valid + if ($cgiparams{'TLS_HOSTNAME'} ne "") { + unless (&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) { + $errormessage = "$Lang::tr{'invalid ip or hostname'}: " . &Header::escape($cgiparams{'TLS_HOSTNAME'}); + } + } + # Check if a TLS is enabled and no TLS_HOSTNAME has benn specified. - elsif($settings{'PROTO'} eq "TLS") { - unless($cgiparams{"TLS_HOSTNAME"}) { + if ($settings{'PROTO'} eq "TLS") { + unless ($cgiparams{"TLS_HOSTNAME"}) { $errormessage = "$Lang::tr{'dns no tls hostname given'}"; - } else { - # Check if the provided domain is valid. - unless(&General::validfqdn($cgiparams{"TLS_HOSTNAME"})) { - $errormessage = "$Lang::tr{'invalid ip or hostname'}: $cgiparams{'TLS_HOSTNAME'}"; - } } } @@ -187,7 +189,6 @@ if (($cgiparams{'SERVERS'} eq $Lang::tr{'save'}) || ($cgiparams{'SERVERS'} eq $L } # Add/Modify the entry to/in the dns_servers hash. - $cgiparams{'TLS_HOSTNAME'} = &Header::escape($cgiparams{'TLS_HOSTNAME'}); $dns_servers{$id} = ["$cgiparams{'NAMESERVER'}", "$cgiparams{'TLS_HOSTNAME'}", "$status", "$cgiparams{'REMARK'}"]; # Write the changed hash to the config file. -- 2.47.3