Jason 'XenoPhage' Frisvold wrote:
Len Padilla wrote:
I recently discovered, after a careless user cut and pasted a name with a "^M" character in it, that there is no validation of the $name value of domain records.
I've modified functions.php to include a validation routing, which insists that the name field of the record contain only ".", "-", 0-9, a-z characters.
Following is a diff. I don't use the update-data.sh script (I use
sql2data) so it might be a good idea to include some sanity checking
there too, in case the DB contains illegal characters.
What is sql2data ? Custom script ?
Regards,
Len
*sql2data* is a Perl script that fetches DNS information from an SQL database and dumps then in tinydns-data format into the file 'data'. Additional static DNS data from the text file static_data are copied into 'data'. *sql2data* optionally executes 'make' upon successful export/dump. Backups can be made to the files old_data and good_data.cdb. Optionally, DNS NOTIFY packets may be sent to the different nameservers referenced for the different zones.
