Improved input checks in the DNS wizard. Related to: FS#939 - DNS Bug

Author: tbrehm

interface/web/dns/dns_wizard.php

@@ -137,6 +137,11 @@
 	if(isset($_POST['ns2']) && $_POST['ns2'] == '') $error .= $app->lng('error_ns2_empty').'<br />';
 	if(isset($_POST['email']) && $_POST['email'] == '') $error .= $app->lng('error_email_empty').'<br />';
 
+	if(!preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z]{2,10}[\.]{0,1}$/',$_POST['domain'])) $error .= $app->lng('error_domain_regex').'<br />';
+	if(!preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z]{2,10}[\.]{0,1}$/',$_POST['ns1'])) $error .= $app->lng('error_ns1_regex').'<br />';
+	if(!preg_match('/^[\w\.\-]{2,64}\.[a-zA-Z]{2,10}[\.]{0,1}$/',$_POST['ns2'])) $error .= $app->lng('error_ns2_regex').'<br />';
+	if(!preg_match('/^\w+[\w.-]*\w+@\w+[\w.-]*\w+\.[a-z]{2,10}$/i',$_POST['email'])) $error .= $app->lng('error_email_regex').'<br />';
+	
 	// make sure that the record belongs to the clinet group and not the admin group when a dmin inserts it
 	if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($_POST['client_group_id'])) {
 		$sys_groupid = intval($_POST['client_group_id']);

interface/web/dns/lib/lang/en_dns_wizard.lng

@@ -23,5 +23,8 @@ $wb['error_ip_empty'] = 'IP empty.';
 $wb['error_ns1_empty'] = 'NS1 empty.';
 $wb['error_ns2_empty'] = 'NS2 empty.';
 $wb['error_email_empty'] = 'EMail empty.';
-
+$wb['error_domain_regex'] = 'Domain contains invalid characters.';
+$wb['error_ns1_regex'] = 'NS1 contains invalid characters.';
+$wb['error_ns2_regex'] = 'NS2 contains invalid characters.';
+$wb['error_email_regex'] = 'Email does not contain a valid email address.';
 ?>