Fix SPF multiple records validation

Webslice · Marius Burkard · commit ebdc1c772416 · 2020-03-02T15:34:50.000+01:00
diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php
@@ -157,7 +157,7 @@ function onSubmit() {
 		} // end if user is not admin
 		
 		// Check that the record does not yet exist
-		$existing_records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE id != ? AND zone = ? AND name = ? AND type = 'TXT'", $this->dataRecord['id'], $_POST['zone'], $_POST['name']);
+		$existing_records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE zone = ? AND name = ? AND type = 'TXT' AND data LIKE 'v=spf1%'", $_POST['zone'], $_POST['name']);
 		if (!empty($existing_records)) {
 			if (count($existing_records) > 1) {
 				$multiple_existing_records_error_txt = $app->tform->wordbook['spf_record_exists_multiple_txt'];
@@ -166,13 +166,18 @@ function onSubmit() {
 				$app->error($multiple_existing_records_error_txt);
 			}
 
+			// If there is just one existing record, three things can be going on:
+			// - if we are adding a new record, show a warning that it already exists and offer to edit it
+			// - if we are editing an existing record and changing its 'name' field to one that is already existing, also show the warning
+			// - otherwise we are just editing the existing the record, so there is no need for a warning
 			$existing_record = array_pop($existing_records);
-			
-			$existing_record_error_txt = $app->tform->wordbook['spf_record_exists_txt'];
-			$existing_record_error_txt = str_replace('{hostname}', $_POST['name'], $existing_record_error_txt);
-			$existing_record_error_txt = str_replace('{existing_record_id}', $existing_record['id'], $existing_record_error_txt);
+			if (empty($this->dataRecord['id']) || ($this->dataRecord['id'] !== $existing_record['id'])) {
+				$existing_record_error_txt = $app->tform->wordbook['spf_record_exists_txt'];
+				$existing_record_error_txt = str_replace('{hostname}', $_POST['name'], $existing_record_error_txt);
+				$existing_record_error_txt = str_replace('{existing_record_id}', $existing_record['id'], $existing_record_error_txt);
 
-			$app->error($existing_record_error_txt);
+				$app->error($existing_record_error_txt);
+			}
 		}
 
 		// Create spf-record
diff --git a/interface/web/dns/dns_txt_edit.php b/interface/web/dns/dns_txt_edit.php
@@ -53,7 +53,7 @@ function onLoad() {
 		}
 
 		// Redirect to SPF wizard if we detect a SPF record
-		if (!empty($this->dataRecord['data'])) {
+		if ('GET' === $_SERVER['REQUEST_METHOD'] && !empty($this->dataRecord['data'])) {
 			if ('v=spf1' === mb_substr($this->dataRecord['data'], 0, 6)) {
 				header(sprintf('Location: dns_spf_edit.php?id=%d', $this->dataRecord['id']));
 				exit;

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,7 @@ function onLoad() {`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`// Redirect to SPF wizard if we detect a SPF record`
`56`		`- if (!empty($this->dataRecord['data'])) {`
	`56`	`+ if ('GET' === $_SERVER['REQUEST_METHOD'] && !empty($this->dataRecord['data'])) {`
`57`	`57`	`if ('v=spf1' === mb_substr($this->dataRecord['data'], 0, 6)) {`
`58`	`58`	`header(sprintf('Location: dns_spf_edit.php?id=%d', $this->dataRecord['id']));`
`59`	`59`	`exit;`