afuna ([personal profile] afuna) wrote in [site community profile] changelog2009-07-07 02:28 pm

[dw-free] Domain forwarding should not allow domains suffixed with dw.org

[commit: http://hg.dwscoalition.org/dw-free/rev/f352e74e27cf]

http://bugs.dwscoalition.org/show_bug.cgi?id=1307

Check when saving domain and when processing the request.

Patch by [personal profile] afuna.

Files modified:
  • cgi-bin/Apache/LiveJournal.pm
  • cgi-bin/LJ/Setting/DomainMapping.pm
  • htdocs/manage/domain.bml
  • htdocs/modify_do.bml.text
--------------------------------------------------------------------------------
diff -r 9334c6a03bff -r f352e74e27cf cgi-bin/Apache/LiveJournal.pm
--- a/cgi-bin/Apache/LiveJournal.pm	Tue Jul 07 14:21:45 2009 +0000
+++ b/cgi-bin/Apache/LiveJournal.pm	Tue Jul 07 14:26:40 2009 +0000
@@ -835,8 +835,8 @@ sub trans
 
     # custom used-specified domains
     if ($LJ::OTHER_VHOSTS && !$skip_domain_checks &&
-        $host ne $LJ::DOMAIN_WEB &&
-        $host ne $LJ::DOMAIN && $host =~ /\./ &&
+        $host !~ /$LJ::DOMAIN$/ &&
+        $host =~ /\./ &&
         $host =~ /[^\d\.]/)
     {
         my $dbr = LJ::get_db_reader();
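Review bot: The added `$host !~ /$LJ::DOMAIN$/` test interpolates the site domain as a pattern with no quoting and no left boundary, so each `.` in it matches any character and any host that merely ends in the same characters counts as a site host. With a site domain of `example.org` (constructed), a mapped custom domain `notexample.org` would never reach the lookup below, and `$` also accepts a trailing newline. I would write the line as `$host !~ /(?:\A|\.)\Q$LJ::DOMAIN\E\z/ &&`, adding `/i` if `$host` is not lowercased earlier in `trans`, which the hunk does not show. The same unquoted interpolation is in the lines added to cgi-bin/LJ/Setting/DomainMapping.pm and htdocs/manage/domain.bml. The `if` body and `sub trans` continue outside the hunk.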
diff -r 9334c6a03bff -r f352e74e27cf cgi-bin/LJ/Setting/DomainMapping.pm
--- a/cgi-bin/LJ/Setting/DomainMapping.pm	Tue Jul 07 14:21:45 2009 +0000
+++ b/cgi-bin/LJ/Setting/DomainMapping.pm	Tue Jul 07 14:26:40 2009 +0000
@@ -27,6 +27,7 @@ sub save {
     }
 
     $class->errors(domainname => "Bogus domain name") if $domainname =~ /\s+/;
+    $class->errors(domainname => "Can't point to a domain on this site") if $domainname =~ /$LJ::DOMAIN\b/;
 
     # Blank domain = delete mapping
     if ($domainname eq "") {
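Review bot: The save-time check `$domainname =~ /$LJ::DOMAIN\b/` is a different test from the request-time one in cgi-bin/Apache/LiveJournal.pm: it matches the site domain anywhere in the name rather than as a suffix, and it is case-sensitive. A name that only begins with the site domain (constructed: `example.org.other.test`) is refused, while a differently-cased spelling of a site host would pass if `$domainname` is not lowercased earlier in `save`, which starts outside the hunk. One quoted, anchored pattern would keep the two checks in agreement, for example `if $domainname =~ /(?:\A|\.)\Q$LJ::DOMAIN\E\.?\z/i;`, where `\.?` keeps a trailing dot rejected as `\b` does now. The added line in htdocs/manage/domain.bml has the same form and would take the same pattern.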
diff -r 9334c6a03bff -r f352e74e27cf htdocs/manage/domain.bml
--- a/htdocs/manage/domain.bml	Tue Jul 07 14:21:45 2009 +0000
+++ b/htdocs/manage/domain.bml	Tue Jul 07 14:26:40 2009 +0000
@@ -58,6 +58,8 @@ body<=
 
             # Strip off trailing '.', and any path or port the user might have entered.
             $dom =~ s!\.([:/].+)?$!!;
+
+            return LJ::bad_input( $ML{'.error.samedomainalias'} ) if $dom =~ /$LJ::DOMAIN\b/;
 
             if ( ( $dom_cap && !$dom ) || ( !$dom_cap && $POST{journaldomain_del} ) ) {
                 $dbh->do( "DELETE FROM domains WHERE userid=?", undef, $u->{userid} );
diff -r 9334c6a03bff -r f352e74e27cf htdocs/modify_do.bml.text
--- a/htdocs/modify_do.bml.text	Tue Jul 07 14:21:45 2009 +0000
+++ b/htdocs/modify_do.bml.text	Tue Jul 07 14:26:40 2009 +0000
@@ -36,6 +36,8 @@
 .done.text=When done, press the "Save Changes" button below...
 
 .error.dupdomainalias=Another user has already registered themselves as using your selected domain alias.
+
+.error.samedomainalias=You can't point to a domain on this site.
 
 .error.stylenotavailable=One of the styles you've selected is not available.  This is either the result of somebody deleting the style, or you trying to pick one that you don't have access to.
 
--------------------------------------------------------------------------------