Jump to content

validateHostname Should Accept Uppercase Characters


Jonathan

Recommended Posts

Currently the validateHostname() function in most modules looks something like this:

   /**
     * Validates that the given hostname is valid
     *
     * @param string $host_name The host name to validate
     * @param bool $require_fqdn True to require a FQDN (e.g. host.domain.com),
     *  or false for a partial name (e.g. domain.com) (optional, default false)
     * @return bool True if the hostname is valid, false otherwise
     */
    public function validateHostName($host_name, $require_fqdn = false)
    {
        if (strlen($host_name) > 255) {
            return false;
        }

        $octet = "([a-z0-9]|[a-z0-9][a-z0-9\-]{0,61}[a-z0-9])";
        $nested_octet = "(\." . $octet . ')';
        $hostname_regex = '/^' . $octet . $nested_octet . ($require_fqdn ? $nested_octet : '') . '+$/';

        return $this->Input->matches($host_name, $hostname_regex);
    }

While sure hostnames shouldn't contain uppercase characters (my opinion), it's perfectly valid RFC and we shouldn't cause undue burden on the customer with vague rejection messages that what they entered isn't a valid domain/hostname simply because it contains uppercase letters.

A better solution would be to update the regex to accept A-z and then in the modules run it through strtolower().

Link to comment
Share on other sites

Maybe we can start a list of modules affected, which are you personally seeing this with? We would have to create a task for every module we intend to update.

I agree that upper shouldn't be rejected, and that it should be run through strtolower() before it is sent through any API or saved to the database. Most of us never consider using an uppercase letter in a hostname, so it's a kind of edge case.

Link to comment
Share on other sites

4 minutes ago, Paul said:

so it's a kind of edge case

Not for the customers that are confused by this on a daily basis while trying to order.

I know cPanel and SolusVM are both impacted.  Beyond that I'm not sure but a quick search for modules that define "validateHostName" as a function, it's quite a few beyond this!

Link to comment
Share on other sites

It looks like almost any module that accepts a hostname uses that check to validate it.

PHP offers FILTER_VALIDATE_DOMAIN that you can use with filter_var to check a hostname (along with the flag FILTER_FLAG_HOSTNAME in php 7+) which which would provide a more robust checking mechanism.  This still would have issues with internationalized domain names but covers a large majority of cases.

On the other hand if you fix this yourself, adding support for IDN's would be something nice as well as they seem to be gaining popularity.

Link to comment
Share on other sites

  • 4 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...