From 13da4252620885e73e379365c55385bfd9ffcb92 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 1 Jun 2024 18:47:50 +0300 Subject: [PATCH] luci-app-acme: Validate domains We can't just use the datatype = "list(hostname)" because a domain may have a wildcard. So check the domain by a simple regexp. Check that DNS mode is used for wildcard. Make the wildcard allowed only the beginning. Add lowercase requirement. Signed-off-by: Sergey Ponomarev --- .../htdocs/luci-static/resources/view/acme.js | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/applications/luci-app-acme/htdocs/luci-static/resources/view/acme.js b/applications/luci-app-acme/htdocs/luci-static/resources/view/acme.js index 818fe39baf..07cac56416 100644 --- a/applications/luci-app-acme/htdocs/luci-static/resources/view/acme.js +++ b/applications/luci-app-acme/htdocs/luci-static/resources/view/acme.js @@ -83,6 +83,21 @@ return view.extend({ "The first name will be the subject name, subsequent names will be alt names. " + "Note that all domain names must point at the router in the global DNS.")); o.datatype = "list(string)"; + o.validate = function (section_id, value) { + if (!value) { + return true; + } + if (!/^[*a-z0-9][a-z0-9.-]*$/.test(value)) { + return _('Invalid domain. Allowed lowercase a-z, numbers and hyphen -'); + } + if (value.startsWith('*')) { + let method = this.section.children.filter(function (o) { return o.option == 'validation_method'; })[0].formvalue(section_id); + if (method && method !== 'dns') { + return _('wildcards * require Validation method: DNS'); + } + } + return true; + }; o = s.taboption('challenge_webroot', form.Value, 'webroot', _('Webroot directory'), _("Webserver root directory. Set this to the webserver " + -- 2.30.2