<?php/* Poweradmin, a friendly web-based admin tool for PowerDNS. * See <https://rejo.zenger.nl/poweradmin> for more details. * * Copyright 2007, 2008 Rejo Zenger <rejo@zenger.nl> * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */functionvalidate_input($zid,$type,&$content,&$name,&$prio,&$ttl){global$db;$domain=get_domain_name_from_id($zid);$nocheck=array('SOA','HINFO','NAPTR','URL','MBOXFW','TXT');$hostname=false;$ip4=false;$ip6=false;if(!in_array(strtoupper($type),$nocheck)){if(!is_valid_ip6($content)){if(!is_valid_ip($content)){if(!is_valid_hostname($content)){error(ERR_DNS_CONTENT);returnfalse;}else{$hostname=true;}}else{$ip4=true;}}else{$ip6=true;}}// Prepare total hostname.if($name=='*'){$wildcard=true;}else{$wildcard=false;}if(preg_match("/@/",$name)){$name=$domain;}elseif(!(preg_match("/$domain$/i",$name))){if(isset($name)&&$name!=""){$name=$name.".".$domain;}else{$name=$domain;}}if(!$wildcard){if(!is_valid_hostname($name)){error(ERR_DNS_HOSTNAME);returnfalse;}}// Check record type (if it exists in our allowed list.if(!in_array(strtoupper($type),get_record_types())){error(ERR_DNS_RECORDTYPE);returnfalse;}// Start handling the demands for the functions.// Validation for IN A records. Can only have an IP. Nothing else.if($type=='A'&&!$ip4){error(ERR_DNS_IPV4);returnfalse;}if($type=='AAAA'&&!$ip6){error(ERR_DNS_IPV6);returnfalse;}if($type=='CNAME'&&$hostname){if(!is_valid_cname($name)){error(ERR_DNS_CNAME);returnfalse;}}if($type=='NS'){$status=is_valid_ns($content,$hostname);if($status==-1){error(ERR_DNS_NS_HNAME);returnfalse;}elseif($status==-2){error(ERR_DNS_NS_CNAME);returnfalse;}}if($type=='SOA'&&!is_valid_rr_soa($content)){returnfalse;}// HINFO and TXT require no validation.if($type=='URL'){if(!is_valid_url($content)){error(ERR_INV_URL);returnfalse;}}if($type=='MBOXFW'){if(!is_valid_mboxfw($content)){error(ERR_INV_EMAIL);returnfalse;}}// NAPTR has to be done.// Do we want that?// http://www.ietf.org/rfc/rfc2915.txt// http://www.zvon.org/tmRFC/RFC2915/Output/chapter2.html// http://www.zvon.org/tmRFC/RFC3403/Output/chapter4.html// See if the prio field is valid and if we have one.// If we dont have one and the type is MX record, give it value '10'if($type=='NAPTR'){}if($type=='MX'){if($hostname){$status=is_valid_mx($content,$prio);if($status==-1){error(ERR_DNS_MX_CNAME);returnfalse;}elseif($status==-2){error(ERR_DNS_MX_PRIO);returnfalse;}}else{error(_('If you specify an MX record it must be a hostname.'));// TODO make errorreturnfalse;}}else{$prio=0;}// Validate the TTL, it has to be numeric.$ttl=(!isset($ttl)||!is_numeric($ttl))?$dns_ttl:$ttl;returntrue;}/* * Validatis a CNAME record by the name it will have and its destination * */functionis_valid_cname($dest){/* * This is really EVIL. * If the new record (a CNAME) record is being pointed to by a MX record or NS record we have to bork. * this is the idea. * * MX record: blaat.nl MX mail.blaat.nl * Now we look what mail.blaat.nl is * We discover the following: * mail.blaat.nl CNAME bork.blaat.nl * This is NOT allowed! mail.onthanet.nl can not be a CNAME! * The same goes for NS. mail.blaat.nl must have a normal IN A record. * It MAY point to a CNAME record but its not wished. Lets not support it. */global$db;// Check if there are other records with this information of the following types.// P.S. we might add CNAME to block CNAME recursion and chains.$blockedtypes=" AND (type='MX' OR type='NS')";$cnamec="SELECT type, content FROM records WHERE content=".$db->quote($dest).$blockedtypes;$result=$db->query($cnamec);if($result->numRows()>0){returnfalse;// Lets inform the user he is doing something EVIL.// Ok we found a record that has our content field in their content field.}returntrue;}/* * Checks if something is a valid domain. * Checks for domainname with the allowed characters <a,b,...z,A,B,...Z> and - and _. * This part must be followed by a 2 to 4 character TLD. */functionis_valid_domain($domain){if((eregi("^[0-9a-z]([-.]?[0-9a-z])*\\.[a-z]{2,4}$",$domain))&&(strlen($domain)<=128)){returntrue;}returnfalse;}/* * Validates if given hostname is allowed. * returns true if allowed. */functionis_valid_hostname($host){if(count(explode(".",$host))==1){returnfalse;}// Its not perfect (in_addr.int is allowed) but works for now.if(preg_match('!(ip6|in-addr).(arpa|int)$!i',$host)){if(preg_match('!^(([A-Z\d]|[A-Z\d][A-Z\d-]*[A-Z\d])\.)*[A-Z\d]+$!i',$host)){returntrue;}returnfalse;}// Validate further.return(preg_match('!^(([A-Z\d]|[A-Z\d][A-Z\d-]*[A-Z\d])\.)*[A-Z\d]+$!i',$host))?true:false;}/* * Validates an IPv4 IP. * returns true if valid. */functionis_valid_ip($ip){// Stop reading at this point. Scroll down to the next function...// Ok... you didn't stop reading... now you have to rewrite the whole function! enjoy ;-)// Trance unborked it. Twice even!return($ip==long2ip(ip2long($ip)))?true:false;}/* * Validates an IPv6 IP. * returns true if valid. */functionis_valid_ip6($ip){// Validates if the given IP is truly an IPv6 address.// Precondition: have a string// Postcondition: false: Error in IP// true: IP is correct// Requires: String// Date: 10-sep-2002if(preg_match('!^[A-F0-9:]{1,39}$!i',$ip)==true){// Not 3 ":" or more.$p=explode(':::',$ip);if(sizeof($p)>1){returnfalse;}// Find if there is only one occurence of "::".$p=explode('::',$ip);if(sizeof($p)>2){returnfalse;}// Not more than 8 octects$p=explode(':',$ip);if(sizeof($p)>8){returnfalse;}// Check octet lengthforeach($pas$checkPart){if(strlen($checkPart)>4){returnfalse;}}returntrue;}returnfalse;}/* * FANCY RECORD. * Validates if the fancy record mboxfw is an actual email address. */functionis_valid_mboxfw($email){returnis_valid_email($email);}/* * Validates MX records. * an MX record cant point to a CNAME record. This has to be checked. * this function also sets a proper priority. */functionis_valid_mx($content,&$prio){global$db;// See if the destination to which this MX is pointing is NOT a CNAME record.// Check inside our dns server.if($db->queryOne("SELECT count(id) FROM records WHERE name=".$db->quote($content)." AND type='CNAME'")>0){return-1;}else{// Fix the proper priority for the record.// Bugfix, thanks Oscar :)if(!isset($prio)){$prio=10;}if(!is_numeric($prio)){if($prio==''){$prio=10;}else{return-2;}}}return1;}/* * Validates NS records. * an NS record cant point to a CNAME record. This has to be checked. * $hostname directive means if its a hostname or not (this to avoid that NS records get ip fields) * NS must have a hostname, it is not allowed to have an IP. */functionis_valid_ns($content,$hostname){global$db;// Check if the field is a hostname, it MUST be a hostname.if(!$hostname){return-1;// "an IN NS field must be a hostname."}if($db->queryOne("SELECT count(id) FROM records WHERE name=".$db->quote($content)." AND type='CNAME'")>0){return-2;// "You can not point a NS record to a CNAME record. Remove/rename the CNAME record first or take another name."}return1;}functionis_valid_hostname_label($hostname_label){// See <https://www.poweradmin.org/trac/wiki/Documentation/DNS-hostnames>.if(!preg_match('/^[a-z\d]([a-z\d-]*[a-z\d])*$/i',$hostname_label)){returnfalse;}elseif(preg_match('/^[\d]+$/i',$hostname_label)){returnfalse;}elseif((strlen($hostname_label)<2)||(strlen($hostname_label)>63)){returnfalse;}returntrue;}functionis_valid_hostname_fqdn($hostname){// See <https://www.poweradmin.org/trac/wiki/Documentation/DNS-hostnames>.global$dns_strict_tld_check;global$valid_tlds;$hostname=ereg_replace("\.$","",$hostname);if(strlen($hostname)>255){error(ERR_DNS_HN_TOO_LONG);returnfalse;}$hostname_labels=explode('.',$hostname);$label_count=count($hostname_labels);if($dns_strict_tld_check=="1"&&!in_array($hostname_labels[$label_count-1],$valid_tlds)){error(ERR_DNS_INV_TLD);returnfalse;}if($hostname_labels[$label_count-1]=="arpa"){// FIXME}else{foreach($hostname_labelsas$hostname_label){if(!is_valid_hostname_label($hostname_label)){error(ERR_DNS_HOSTNAME);returnfalse;}}}returntrue;}functionis_valid_rr_soa(&$content){// TODO move to appropiate location// $return = get_records_by_type_from_domid("SOA", $zid);// if($return->numRows() > 1) {// return false;// }$fields=preg_split("/\s+/",trim($content));$field_count=count($fields);if($field_count==0||$field_count>7){returnfalse;}else{if(!is_valid_hostname_fqdn($fields[0])||preg_match('/\.arpa\.?$/',$fields[0])){returnfalse;}$final_soa=$fields[0];if(isset($fields[1])){$addr_input=$fields[1];}else{global$dns_hostmaster;$addr_input=$dns_hostmaster;}if(!preg_match("/@/",$addr_input)){$addr_input=preg_split('/(?<!\\\)\./',$addr_input,2);$addr_to_check=str_replace("\\","",$addr_input[0])."@".$addr_input[1];}else{$addr_to_check=$addr_input;}if(!is_valid_email($addr_to_check)){returnfalse;}else{$addr_final=explode('@',$addr_to_check,2);$final_soa.=" ".str_replace(".","\\.",$addr_final[0]).".".$addr_final[1];}if(isset($fields[2])){if(!is_numeric($fields[2])){returnfalse;}$final_soa.=" ".$fields[2];}else{$final_soa.=" 0";}if($field_count==7){for($i=3;($i<7);$i++){if(!is_numeric($fields[$i])){returnfalse;}else{$final_soa.=" ".$fields[$i];}}}}$content=$final_soa;returntrue;}functionis_valid_url($url){returnpreg_match('!^(http://)(([A-Z\d]|[A-Z\d][A-Z\d-]*[A-Z\d])\.)*[A-Z\d]+([//]([0-9a-z//~#%&\'_\-+=:?.]*))?$!i',$url);}functionis_valid_search($holygrail){// Only allow for alphanumeric, numeric, dot, dash, underscore and // percent in search string. The last two are wildcards for SQL.// Needs extension probably for more usual record types.returnpreg_match('/^[a-z0-9.\-%_]+$/i',$holygrail);}?>