Jump to content

Recommended Posts

Posted

Currently the validateHostname() function in most modules looks something like this:

   /**
     * Validates that the given hostname is valid
     *
     * @param string $host_name The host name to validate
     * @param bool $require_fqdn True to require a FQDN (e.g. host.domain.com),
     *  or false for a partial name (e.g. domain.com) (optional, default false)
     * @return bool True if the hostname is valid, false otherwise
     */
    public function validateHostName($host_name, $require_fqdn = false)
    {
        if (strlen($host_name) > 255) {
            return false;
        }

        $octet = "([a-z0-9]|[a-z0-9][a-z0-9\-]{0,61}[a-z0-9])";
        $nested_octet = "(\." . $octet . ')';
        $hostname_regex = '/^' . $octet . $nested_octet . ($require_fqdn ? $nested_octet : '') . '+$/';

        return $this->Input->matches($host_name, $hostname_regex);
    }

While sure hostnames shouldn't contain uppercase characters (my opinion), it's perfectly valid RFC and we shouldn't cause undue burden on the customer with vague rejection messages that what they entered isn't a valid domain/hostname simply because it contains uppercase letters.

A better solution would be to update the regex to accept A-z and then in the modules run it through strtolower().

Posted

Maybe we can start a list of modules affected, which are you personally seeing this with? We would have to create a task for every module we intend to update.

I agree that upper shouldn't be rejected, and that it should be run through strtolower() before it is sent through any API or saved to the database. Most of us never consider using an uppercase letter in a hostname, so it's a kind of edge case.

Posted
  On 8/16/2018 at 5:11 PM, Paul said:

so it's a kind of edge case

Expand  

Not for the customers that are confused by this on a daily basis while trying to order.

I know cPanel and SolusVM are both impacted.  Beyond that I'm not sure but a quick search for modules that define "validateHostName" as a function, it's quite a few beyond this!

Posted

It looks like almost any module that accepts a hostname uses that check to validate it.

PHP offers FILTER_VALIDATE_DOMAIN that you can use with filter_var to check a hostname (along with the flag FILTER_FLAG_HOSTNAME in php 7+) which which would provide a more robust checking mechanism.  This still would have issues with internationalized domain names but covers a large majority of cases.

On the other hand if you fix this yourself, adding support for IDN's would be something nice as well as they seem to be gaining popularity.

  • 4 weeks later...

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...