diff --git a/scripts/pi-hole/php/func.php b/scripts/pi-hole/php/func.php
index 1573e5d6..c2e42b48 100644
--- a/scripts/pi-hole/php/func.php
+++ b/scripts/pi-hole/php/func.php
@@ -8,12 +8,27 @@
 // Credit: http://stackoverflow.com/a/4694816/2087442
 // Modified because of https://github.com/pi-hole/AdminLTE/pull/533
-function validDomain($domain_name)
+ini_set("pcre.recursion_limit", 1500);
+function validDomain($domain_name, &$message = NULL)
 {
- $validChars = preg_match("/^((-|_)*[a-z\d]((-|_)*[a-z\d])*(-|_)*)(\.(-|_)*([a-z\d]((-|_)*[a-z\d])*))*$/i", $domain_name);
- $lengthCheck = preg_match("/^.{1,253}$/", $domain_name);
- $labelLengthCheck = preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name);
- return ( $validChars && $lengthCheck && $labelLengthCheck ); //length of each label
+ if(!preg_match("/^((-|_)*[a-z\d]((-|_)*[a-z\d])*(-|_)*)(\.(-|_)*([a-z\d]((-|_)*[a-z\d])*))*$/i", $domain_name)) {
+ if($message !== NULL)
+ $message = "it contains invalid characters";
+ return false;
+ }
+ if(!preg_match("/^.{1,253}$/", $domain_name)) {
+ if($message !== NULL)
+ $message = "its length is invalid";
+ return false;
+ }
+ if(!preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name)) {
+ if($message !== NULL)
+ $message = "at least one label is of invalid length";
+ return false;
+ }
+
+ // everything is okay
+ return true;
 }
 function validDomainWildcard($domain_name)
diff --git a/scripts/pi-hole/php/groups.php b/scripts/pi-hole/php/groups.php
index ec27b6ef..838dbf83 100644
--- a/scripts/pi-hole/php/groups.php
+++ b/scripts/pi-hole/php/groups.php
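Review bot: The `if($message !== NULL)` guards in validDomain() make the failure reason silently disappear for any caller that passes a variable it has not initialised, because an undefined variable bound to `&$message` arrives as NULL exactly like the default. Assigning unconditionally is harmless for a by-reference parameter with a default, so each branch can just be `$message = "it contains invalid characters";` (and likewise for the other two), and the groups.php caller then no longer depends on its `$msg = "";` line. A short doc comment saying that `$message` receives the reason on failure, and that a `false` returned by preg_match() on a PCRE error is also reported as invalid characters, would make the contract explicit.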
@@ -646,15 +646,16 @@ if ($_POST['action'] == 'get_groups') {
 {
 // If adding to the exact lists, we convert the domain lower case and check whether it is valid
 $domain = strtolower($domain);
- if(validDomain($domain))
+ $msg = "";
+ if(!validDomain($domain, $msg))
 {
 // This is the case when idn_to_ascii() modified the string
 if($input !== $domain && strlen($domain) > 0)
- $errormsg = 'Domain ' . htmlentities($input) . ' (converted to "' . htmlentities(utf8_encode($domain)) . '") is not a valid domain.';
+ $errormsg = 'Domain ' . htmlentities($input) . ' (converted to "' . htmlentities(utf8_encode($domain)) . '") is not a valid domain because ' . $msg . '.';
 elseif($input !== $domain)
- $errormsg = 'Domain ' . htmlentities($input) . ' is not a valid domain.';
+ $errormsg = 'Domain ' . htmlentities($input) . ' is not a valid domain because ' . $msg . '.';
 else
- $errormsg = 'Domain ' . htmlentities(utf8_encode($domain)) . ' is not a valid domain.';
+ $errormsg = 'Domain ' . htmlentities(utf8_encode($domain)) . ' is not a valid domain because ' . $msg . '.';
 throw new Exception($errormsg . '
Added ' . $added . " out of ". $total . " domains");
 }
 }
diff --git a/scripts/pi-hole/php/queryads.php b/scripts/pi-hole/php/queryads.php
index 4302d561..38d4e8d2 100644
--- a/scripts/pi-hole/php/queryads.php
+++ b/scripts/pi-hole/php/queryads.php
@@ -9,6 +9,7 @@ while (ob_get_level() > 0) {
 ob_end_flush();
 }
+require_once("func.php");
 ini_set("output_buffering", "0");
 ob_implicit_flush(true);
 header('Content-Type: text/event-stream');
@@ -21,16 +22,6 @@ function echoEvent($datatext) {
 echo $datatext;
 }
-// Credit: http://stackoverflow.com/a/4694816/2087442
-ini_set("pcre.recursion_limit", 1500);
-function validDomain($domain_name)
-{
- return ($domain_name[0] !== '-' // Don't allow domains to appear as command line options
- && preg_match("/^((-|_)*[a-z\d]((-|_)*[a-z\d])*(-|_)*)(\.(-|_)*([a-z\d]((-|_)*[a-z\d])*))*$/i", $domain_name) // Valid chars check
- && preg_match("/^.{1,253}$/", $domain_name) // Overall length check
- && preg_match("/^[^\.]{1,63}(\.[^\.]{1,63})*$/", $domain_name) ); // Length of each label
-}
-
 // Test if domain is set
 if(isset($_GET["domain"]))
 {
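Review bot: In queryads.php the added `require_once("func.php");` switches validation to the shared validDomain(), whose pattern begins with `(-|_)*` and therefore accepts a leading hyphen, while the local copy deleted in the following hunk rejected it with `$domain_name[0] !== '-'` so that a domain could not appear as a command line option. If the `$_GET["domain"]` value still reaches a command line further down (that code is outside the hunks shown), the rejection should be kept next to the validDomain() call, for example `if ($domain === '' || $domain[0] === '-' || !validDomain($domain))`, with `$domain` standing for whatever variable the script uses there. Moving the rejection into func.php instead would also change what groups.php accepts, so the call site looks like the safer place for it.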