Bug #9023

is_fqdn() validation

Added by Nano Caiordo over 1 year ago. Updated 2 months ago.

Status: Resolved
Priority: Normal
Category: Web Interface
Target version:
Start date: 10/07/2018
Due date:
% Done: 100%
Estimated time:
Affected Version:
Affected Architecture:

Description

Hello,

Current validation doesn't follow any RFC guideline and it's pretty much broken.

var_dump(is_fqdn('a!@#$%^&0.b%^a1'));
bool(true)

A patch is ready and I'll generate the push request right after this gets submitted.

Attachment: is_fqdn.txt (2.61 KB), speed and domain validation comparison file, Nano Caiordo, 11/30/2018 03:47 AM

History

#1 Updated by Nano Caiordo over 1 year ago

Ulterior information on this patch:

As per php.net/manual/en/filter.filters.validate.php: FILTER_VALIDATE_DOMAIN

Validates domain names against RFC 1034, RFC 1035, RFC 952, RFC 1123, RFC 2732, RFC 2181, and RFC 1123. Optional flag FILTER_FLAG_HOSTNAME adds ability to specifically validate hostnames (they must start with an alphanumeric character and contain only alphanumerics or hyphens).

filter_var() returns false on failure or the entire unmodified input string on success; because of this, the patch removes any valid trailing dot before counting parts.
Sure, the patch could be modified to trim and count on success only.

The above RFCs are pretty old but have been updated only for domain DNS names, records with underscores, and SMTP mail transport specifications.
This patch will not validate a domain DNS name such as _tcp.example.test, as I suppose is_fqdn() targets RFC 1123.

bool(true) 'sub.domain.test.'
bool(true) 'sub.domain.test'
bool(true) 'xn--sub.xn--domain.test'

bool(false) 'domain.test.'
bool(false) 'domain.test'
bool(false) '-sub.domain.test'
bool(false) '_sub.domain.test'
bool(false) 's_ub.domain.test'
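
A sketch of the approach described in comment #1, added here as an example; it is not the attached patch and not pfSense's is_fqdn(). The function name example_is_fqdn and the three-label minimum (inferred from the sample results above, where 'domain.test' is rejected and 'sub.domain.test' is accepted) are assumptions.

```php
<?php
// Added example: hypothetical helper, not the pfSense patch.
function example_is_fqdn(string $name, int $min_labels = 3): bool
{
    // FILTER_FLAG_HOSTNAME limits labels to alphanumerics and hyphens,
    // so underscores and characters such as !@#$%^& are rejected here.
    $valid = filter_var($name, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
    if ($valid === false || $valid === '') {
        return false;
    }

    // filter_var() returns the input unmodified on success, so strip a
    // single trailing root dot before splitting into labels.
    if (substr($valid, -1) === '.') {
        $valid = substr($valid, 0, -1);
    }
    $labels = explode('.', $valid);

    foreach ($labels as $label) {
        // Explicit per-label check (RFC 1123: 1..63 chars, no leading or
        // trailing hyphen) so the result does not depend on how the
        // filter treats the first or last label.
        if ($label === '' || strlen($label) > 63
            || $label[0] === '-' || substr($label, -1) === '-') {
            return false;
        }
    }

    // Assumption: require host + domain + TLD, i.e. at least three labels.
    return count($labels) >= $min_labels;
}

// Inputs taken from this ticket.
$samples = [
    'a!@#$%^&0.b%^a1',
    'sub.domain.test.',
    'sub.domain.test',
    'xn--sub.xn--domain.test',
    'domain.test',
    '-sub.domain.test',
    '_sub.domain.test',
    's_ub.domain.test',
];
foreach ($samples as $s) {
    printf("%-28s %s\n", $s, var_export(example_is_fqdn($s), true));
}
```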

#2 Updated by Nano Caiordo over 1 year ago

I'm testing via System Patcher since https://github.com/pfsense/pfsense/pull/3998 went into approved/needs testing, and so far unbound reloads are quite a bit faster. Placebo effect? Could anyone confirm?

As a reference I'm also adding here a speed and domain validation comparison file over thousands of iterations (cannot quite remember the exact number).

#3 Updated by Renato Botelho about 1 year ago

  • Status changed from New to Feedback
  • Assignee set to Renato Botelho
  • Priority changed from High to Normal
  • Target version set to 2.5.0
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#4 Updated by Jim Pingle 11 months ago

  • Category set to Web Interface

#5 Updated by Viktor Gurov 2 months ago

  • Status changed from Feedback to Resolved

tested on 2.5.0.a.20200424.1759

looks good:

domain.test. true
domain.test true
_sub.domain.test true
s_ub.domain.test true
xn--sub.xn--domain.test true
sub.domain.test true
sub.domain.test. true
123domain.test true
domain123.test true
domain123.test123 false
domain-.test false
domain.test- false
-sub.domain.test false
