ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

When adding a domain, flag if no SOA record exists (prevents most sub-domains)

Browse Source
This commit is contained in:
wrongecho
2025-11-06 10:41:52 +00:00
parent 16001f8d4e
commit 3813fbf8f2
3 changed files with 43 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
agent/ajax.php
View File

@@ -971,3 +971,24 @@ if (isset($_GET['ai_ticket_summary'])) {
echo $summary; // nl2br to convert newlines to <br>, htmlspecialchars to prevent XSS echo $summary; // nl2br to convert newlines to <br>, htmlspecialchars to prevent XSS
} }
// Stops people trying to use sub-domains in the domains tracker
if (isset($_GET['apex_domain_check'])) {
enforceUserPermission('module_support', 2);
$domain = sanitizeInput($_GET['domain']);
$response['message'] = ""; // default
if (strlen($domain) >= 4) {
// SOA record check
// This isn't 100%, as sub-domains can have their own SOA but will capture 99%
if (!checkdnsrr($domain, 'SOA')) {
$response['message'] = "<i class='fas fa-fw fa-exclamation-triangle mr-2'></i> Domain name is invalid.";
}
}
echo json_encode($response);
}

2
agent/modals/contact/contact_add.php
View File

@@ -349,7 +349,7 @@ $(document).ready(function() {
//Send a GET request to ajax.php as ajax.php?contact_email_check=true&email=email //Send a GET request to ajax.php as ajax.php?contact_email_check=true&email=email
jQuery.get( jQuery.get(
"ajax.php", "ajax.php",
{contact_email_check: 'email', email: email}, {contact_email_check: 'true', email: email},
function(data) { function(data) {
//If we get a response from ajax.php, parse it as JSON //If we get a response from ajax.php, parse it as JSON
const contact_check_data = JSON.parse(data); const contact_check_data = JSON.parse(data);

22
agent/modals/domain/domain_add.php
View File

@@ -65,7 +65,10 @@ ob_start();
<div class="input-group-prepend"> <div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-globe"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-globe"></i></span>
</div> </div>
<input type="text" class="form-control" name="name" placeholder="example.com" maxlength="200" required autofocus> <input type="text" class="form-control" name="name" id="domain_name" placeholder="example.com" maxlength="200" required autofocus onfocusout="domain_check()">
</div>
<div class="mt-2">
<span class="text-info" id="domain_check_info"></span>
</div> </div>
</div> </div>
@@ -193,6 +196,23 @@ ob_start();
</div> </div>
</form> </form>
<script>
// Checks domains aren't sub-domains (99%)
function domain_check() {
var domain = document.getElementById("domain_name").value;
//Send a GET request to ajax.php as ajax.php?apex_domain_check=true&domain=domain
jQuery.get(
"ajax.php",
{apex_domain_check: 'true', domain: domain},
function(data) {
//If we get a response from ajax.php, parse it as JSON
const domain_check_data = JSON.parse(data);
document.getElementById("domain_check_info").innerHTML = domain_check_data.message;
}
);
}
</script>
<?php <?php
require_once '../../../includes/modal_footer.php'; require_once '../../../includes/modal_footer.php';