diff --git a/app/DataProviders/Domains.php b/app/DataProviders/Domains.php
index 814baeebad0f..84ef923ed259 100644
--- a/app/DataProviders/Domains.php
+++ b/app/DataProviders/Domains.php
@@ -12,7 +12,8 @@ namespace App\DataProviders;
-class Domains {
+class Domains
+{
 private static array $verify_domains = [
 '0-00.usa.cc',
diff --git a/app/Http/Controllers/SubdomainController.php b/app/Http/Controllers/SubdomainController.php
index 3800935ac85c..902fe115cfe7 100644
--- a/app/Http/Controllers/SubdomainController.php
+++ b/app/Http/Controllers/SubdomainController.php
@@ -30,6 +30,12 @@ class SubdomainController extends BaseController
 return response()->json(['message' => ctrans('texts.subdomain_is_not_available')], 401);
 }
+
+ if (!preg_match('/^[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?$/', request()->input('subdomain'))) {
+ return response()->json(['message' => ctrans('texts.subdomain_is_not_available')], 401);
+ }
+
+
 return response()->json(['message' => 'Domain available'], 200);
 }
 }
diff --git a/tests/Unit/DomainCheckTest.php b/tests/Unit/DomainCheckTest.php
index 81bf7fd07757..ccd51be7deb4 100644
--- a/tests/Unit/DomainCheckTest.php
+++ b/tests/Unit/DomainCheckTest.php
@@ -28,8 +28,20 @@ class DomainCheckTest extends TestCase
 public function testDomainCheck()
 {
- $this->assertTrue(in_array('yopmail.com', Domains::getDomains()));
- $this->assertFalse(in_array('invoiceninja.com', Domains::getDomains()));
+ $this->assertTrue(in_array('yopmail.com', \App\DataProviders\Domains::getDomains()));
+ $this->assertFalse(in_array('invoiceninja.com', \App\DataProviders\Domains::getDomains()));
 }
+
+ public function testSubdomainValidation()
+ {
+ $this->assertFalse($this->checker('invoiceninja'));
+ $this->assertFalse($this->checker('hello'));
+ $this->assertTrue($this->checker('nasty.pasty'));
+ }
+
+ public function checker($subdomain)
+ {
+ return (!preg_match('/^[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?$/', $subdomain));
+ }
 }
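Review bot: The pattern added in SubdomainController ends with `$`, which in PCRE also matches just before a final newline, so a value like `"abc\n"` passes the format check; anchoring with `\A…\z` (or adding the `D` modifier) closes that, and the same pattern is copied into `checker()` in tests/Unit/DomainCheckTest.php. `request()->input('subdomain')` may also be missing or an array, which hands `preg_match` a non-string subject, so I would read it once with `$subdomain = request()->input('subdomain');` and guard with `if (!is_string($subdomain) || !preg_match('/\A[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?\z/', $subdomain)) {`. The new check sits after the earlier 401 branch, whose condition is outside the hunk; if that branch looks the value up, running the format check first would keep malformed input away from the lookup. The method starts above the hunk, so the placement should be confirmed against the full body.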
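Review bot: `checker()` in DomainCheckTest holds its own copy of the regex, so `testSubdomainValidation` never runs the controller's check and keeps passing if the pattern in SubdomainController later changes. Keeping the pattern in one shared place (a constant or validation rule, wherever the project keeps such things) and testing that would tie the two together. The cases also skip the edges the pattern exists to reject: a leading or trailing hyphen, a 64-character label, an empty string and a trailing newline; `$this->assertTrue($this->checker("hello\n"));` fails against the current pattern. A short docblock on `checker()` stating that it returns true for an invalid subdomain would make the assertFalse/assertTrue pairing easier to read.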