servnest/fn/dns.php

<?php declare(strict_types=1);

function parseZoneFile(string $zone_content, array $types, bool|string $filter_domain = false, bool $filter_include_subdomains = true): array {
	$parsed_zone_content = [];
	foreach (explode(LF, $zone_content) as $zone_line) {
		if ($zone_line === '' OR str_starts_with($zone_line, ';'))
			continue; // Ignore empty lines and comments
		$elements = preg_split('/[\t ]+/', $zone_line, 4);
		if ($filter_domain !== false AND match ($filter_include_subdomains) {
			true => !str_ends_with($elements[0], $filter_domain),
			false => $elements[0] !== $filter_domain,
		})
			continue; // Ignore records for other domains
		if (!in_array($elements[2], $types, true))
			continue; // Ignore records generated by Knot
		array_push($parsed_zone_content, $elements);
	}
	return $parsed_zone_content;
}

function knotc(array $cmds, array &$output = NULL, int &$return_code = NULL): void {
	exescape([
		CONF['dns']['knotc_path'],
		'--blocking',
		'--timeout',
		'20',
		'--',
		...$cmds,
	], $output, $return_code);
}

function knotcConfExec(array $cmds): void {
	knotc(['conf-begin'], $output['begin'], $code['begin']);
	if ($code['begin'] !== 0)
		output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');

	foreach ($cmds as $cmd) {
		knotc($cmd, $output['op'], $code['op']);
		if ($code['op'] !== 0) {
			knotc(['conf-abort']);
			output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
		}
	}

	knotc(['conf-commit'], $output['commit'], $code['commit']);
	if ($code['commit'] !== 0) {
		knotc(['conf-abort']);
		output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
	}
}

function knotcZoneExec(string $zone, array $cmd, string $action = NULL): void {
	$action = checkAction($action ?? $_POST['action']);

	knotc(['zone-begin', $zone], $output['begin'], $code['begin']);
	if ($code['begin'] !== 0)
		output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');

	knotc(['zone-' . $action . 'set', $zone, ...$cmd], $output['op'], $code['op']);
	if ($code['op'] !== 0) {
		knotc(['zone-abort', $zone]);
		output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');
	}

	knotc(['zone-commit', $zone], $output['commit'], $code['commit']);
	if ($code['commit'] !== 0) {
		knotc(['zone-abort', $zone]);
		output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');
	}
}

function checkIpFormat(string $ip): string {
	return match ($ip) {
		filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) => 'AAAA',
		filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) => 'A',
		default => output(403, _('IP address malformed.')),
	};
}

function checkAbsoluteDomainFormat(string $domain): void { // If the domain must end with a dot
	if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){2,127}$/D', $domain) !== 1)
		output(403, _('Domain malformed.'));
}

function formatEndWithDot(string $str): string {
	if (!str_ends_with($str, '.'))
		$str .= '.';
	return $str;
}

function formatAbsoluteDomain(string $domain): string {
	$domain = formatEndWithDot(strtolower($domain));
	checkAbsoluteDomainFormat($domain);
	return $domain;
}

function checkAction(string $action): string {
	return match ($action) {
		'add' => '',
		'delete' => 'un',
		default => output(403, 'Wrong value for action.'),
	};
}
declare(strict_types=1); 2023-07-17 21:15:18 +02:00			`<?php declare(strict_types=1);`
?, remove too much indentation 2021-02-17 22:48:49 +01:00
Add ns/sync and jobs/ns-syncs 2023-06-24 16:54:36 +02:00			`function parseZoneFile(string $zone_content, array $types, bool\|string $filter_domain = false, bool $filter_include_subdomains = true): array {`
Split pages/ between pg-act/ and pg-view/ 2022-12-20 21:17:03 +01:00			`$parsed_zone_content = [];`
feature: reg: allow multiple suffixes 2023-01-23 01:14:59 +01:00			`foreach (explode(LF, $zone_content) as $zone_line) {`
Split pages/ between pg-act/ and pg-view/ 2022-12-20 21:17:03 +01:00			`if ($zone_line === '' OR str_starts_with($zone_line, ';'))`
			`continue; // Ignore empty lines and comments`
			`$elements = preg_split('/[\t ]+/', $zone_line, 4);`
Add ns/sync and jobs/ns-syncs 2023-06-24 16:54:36 +02:00			`if ($filter_domain !== false AND match ($filter_include_subdomains) {`
			`true => !str_ends_with($elements[0], $filter_domain),`
			`false => $elements[0] !== $filter_domain,`
			`})`
Split pages/ between pg-act/ and pg-view/ 2022-12-20 21:17:03 +01:00			`continue; // Ignore records for other domains`
Ensure domains are not too long 2023-04-21 19:01:46 +02:00			`if (!in_array($elements[2], $types, true))`
			`continue; // Ignore records generated by Knot`
Add ns/sync and jobs/ns-syncs 2023-06-24 16:54:36 +02:00			`array_push($parsed_zone_content, $elements);`
Split pages/ between pg-act/ and pg-view/ 2022-12-20 21:17:03 +01:00			`}`
			`return $parsed_zone_content;`
			`}`

Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`function knotc(array $cmds, array &$output = NULL, int &$return_code = NULL): void {`
			`exescape([`
			`CONF['dns']['knotc_path'],`
			`'--blocking',`
			`'--timeout',`
Knot timeout: 3 > 20 2023-08-11 18:56:52 +02:00			`'20',`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`'--',`
			`...$cmds,`
			`], $output, $return_code);`
			`}`

			`function knotcConfExec(array $cmds): void {`
			`knotc(['conf-begin'], $output['begin'], $code['begin']);`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`if ($code['begin'] !== 0)`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00
			`foreach ($cmds as $cmd) {`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`knotc($cmd, $output['op'], $code['op']);`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`if ($code['op'] !== 0) {`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`knotc(['conf-abort']);`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`}`
			`}`

Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`knotc(['conf-commit'], $output['commit'], $code['commit']);`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`if ($code['commit'] !== 0) {`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`knotc(['conf-abort']);`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'knotcConfExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`}`
			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function knotcZoneExec(string $zone, array $cmd, string $action = NULL): void {`
Add reg/transfer.php 2022-12-13 16:52:10 +01:00			`$action = checkAction($action ?? $_POST['action']);`
knotc error handling using knotcExec() 2022-05-25 01:16:41 +02:00
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`knotc(['zone-begin', $zone], $output['begin'], $code['begin']);`
knotc error handling using knotcExec() 2022-05-25 01:16:41 +02:00			`if ($code['begin'] !== 0)`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['begin'] . '</samp>: <samp>' . $output['begin'][0] . '</samp>.');`
knotc error handling using knotcExec() 2022-05-25 01:16:41 +02:00
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`knotc(['zone-' . $action . 'set', $zone, ...$cmd], $output['op'], $code['op']);`
knotcExec: abort transition on failure 2022-06-10 00:38:05 +02:00			`if ($code['op'] !== 0) {`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`knotc(['zone-abort', $zone]);`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['op'] . '</samp>: <samp>' . $output['op'][0] . '</samp>.');`
knotcExec: abort transition on failure 2022-06-10 00:38:05 +02:00			`}`
knotc error handling using knotcExec() 2022-05-25 01:16:41 +02:00
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`knotc(['zone-commit', $zone], $output['commit'], $code['commit']);`
knotcExec: abort transition on failure 2022-06-10 00:38:05 +02:00			`if ($code['commit'] !== 0) {`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`knotc(['zone-abort', $zone]);`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'knotcZoneExec: <code>knotc</code> failed with exit code <samp>' . $code['commit'] . '</samp>: <samp>' . $output['commit'][0] . '</samp>.');`
knotcExec: abort transition on failure 2022-06-10 00:38:05 +02:00			`}`
knotc error handling using knotcExec() 2022-05-25 01:16:41 +02:00			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function checkIpFormat(string $ip): string {`
Add reg/edit.php and regParseRecord() 2023-07-31 01:13:06 +02:00			`return match ($ip) {`
			`filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) => 'AAAA',`
			`filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) => 'A',`
			`default => output(403, _('IP address malformed.')),`
			`};`
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function checkAbsoluteDomainFormat(string $domain): void { // If the domain must end with a dot`
Ensure domains are not too long 2023-04-21 19:01:46 +02:00			`if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){2,127}$/D', $domain) !== 1)`
Gettext internationalization and english translation 2023-01-21 01:27:52 +01:00			`output(403, _('Domain malformed.'));`
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function formatEndWithDot(string $str): string {`
Add formatAbsoluteDomain, remove regGetUpperDomain 2022-06-15 15:30:18 +02:00			`if (!str_ends_with($str, '.'))`
			`$str .= '.';`
			`return $str;`
			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function formatAbsoluteDomain(string $domain): string {`
Add formatAbsoluteDomain, remove regGetUpperDomain 2022-06-15 15:30:18 +02:00			`$domain = formatEndWithDot(strtolower($domain));`
			`checkAbsoluteDomainFormat($domain);`
			`return $domain;`
			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function checkAction(string $action): string {`
Use the query() function more 2022-06-12 01:31:16 +02:00			`return match ($action) {`
			`'add' => '',`
			`'delete' => 'un',`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`default => output(403, 'Wrong value for action.'),`
Use the query() function more 2022-06-12 01:31:16 +02:00			`};`
?, remove too much indentation 2021-02-17 22:48:49 +01:00			`}`