Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SUPEE-7405 from Magento 1.9.3.0 - Hostname Validation #314

Draft
wants to merge 2 commits into
base: master
Choose a base branch
from
Draft

SUPEE-7405 from Magento 1.9.3.0 - Hostname Validation #314

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
57c806c
Hostname Validation
sreichel Jan 19, 2023
cde8fdc
Check for existence of Net_IDNA2
sreichel Jan 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 29 additions & 1 deletion library/Zend/Validate/Hostname.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2188,7 +2188,9 @@ public function isValid($value)
$this->_tld = $matches[1];
if ($this->_options['tld']) {
if (!in_array(strtolower($this->_tld), $this->_validTlds)
&& !in_array($this->_tld, $this->_validTlds)) {
&& !in_array($this->_tld, $this->_validTlds)
&& !$this->checkDnsRecords($this->_value)
) {
$this->_error(self::UNKNOWN_TLD);
$status = false;
break;
Expand Down Expand Up @@ -2423,4 +2425,30 @@ protected function decodePunycode($encoded)

return implode($decoded);
}

/**
* Returns true if any DNS records corresponding to a given Internet host are found.
* Returns false if no DNS records were found or if an error occurred.
* Checks A-Record.
*
* @param string $hostName
*
* @return bool
*/
protected function checkDnsRecords($hostName)
{
if (function_exists('idn_to_ascii')) {
if (defined('IDNA_NONTRANSITIONAL_TO_ASCII') && defined('INTL_IDNA_VARIANT_UTS46')) {
$toAscii = idn_to_ascii($hostName, IDNA_NONTRANSITIONAL_TO_ASCII, INTL_IDNA_VARIANT_UTS46);
} else {
$toAscii = idn_to_ascii($hostName);
}
$result = checkdnsrr($toAscii, 'A');
} else {
$idn = new Net_IDNA2();
Copy link

@boenrobot boenrobot Jan 19, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Surely, at least "suggested" for "pear/Net_IDNA2" will need to be added for this. Also, this should probably be conditional.

Also, what if I don't have the Intl extension and I don't want to depend on "pear/Net_IDNA2" either? Maybe if neither Intl or Net_IDNA2 are present, fallback to giving checkdnsrr() the raw hostname?

Also, on a related note, I'm not sure I want my hostname validation to cause a DNS lookup altogether. What if I want to add a hostname that isn't currently resolvable (because it's a domain that will be launched later)? Or is internal to a different system than the one my code is running in? In both cases, I still want to validate that I've given a syntactically valid name that may possibly exist, but not necessarily one that truly exists. I think this entire change should be behind a new option that defaults to not running the check, for the sake of backwards compatibility. The currently failing tests on 8.0 are failing exactly because the test data for this validator is not an existing hostname, though still a syntactically valid one.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

zf2 has appropriate flags:

also symfony has polyfill for those idn stuff:

$result = checkdnsrr($idn->encode($hostName), 'A');
}

return $result;
}
}