Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not return 'false' if IDNA<->UNICODE conversion fails #2479

Merged
merged 1 commit into from
Jan 22, 2023

Conversation

yubiuser
Copy link
Member

@yubiuser yubiuser commented Jan 5, 2023

What does this PR aim to accomplish?:

When we try IDNA to unicode conversion (or vice versa) the functions fails if the entered string is not a valid domain (e.g. to long).

https://github.com/pi-hole/AdminLTE/blob/ad2d43869e9ad97cc3a8c5afc6fefec0e142a972/scripts/pi-hole/php/func.php#L629-L666

However, we usually immediately check the returned string right after conversion for validity and return a meaningful error message.

https://github.com/pi-hole/AdminLTE/blob/ad2d43869e9ad97cc3a8c5afc6fefec0e142a972/scripts/pi-hole/php/func.php#L13-L43

The issue occurs, when the conversion fails and no domain is entering validDomain(): it will always fail with the first (negative) matching test ("invalid characters") even if the reason is another one (e.g. too long domain).
(This can be simply tested by trying to add a blacklist entry with one label >63 chars)

This PR mitigates the issue by checking if the conversion failed and returning the non-converted string.


By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code and I have tested my changes.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)
  6. I have checked that another pull request for this purpose does not exist.
  7. I have considered, and confirmed that this submission will be valuable to others.
  8. I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
  9. I give this submission freely, and claim no ownership to its content.

  • I have read the above and my PR is ready for review. Check this box to confirm

@yubiuser yubiuser requested review from rdwebdesign and a team January 5, 2023 22:36
@yubiuser yubiuser added the PR: Code Review Required Open Pull Request, needs code reviewed label Jan 5, 2023
Copy link
Member

@PromoFaux PromoFaux left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the addition of renaming the functions parameter variable - it makes things easier to read

@PromoFaux PromoFaux merged commit 124d12e into devel Jan 22, 2023
@PromoFaux PromoFaux deleted the fix/invalid branch January 22, 2023 14:10
@pralor-bot
Copy link

This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/pi-hole-web-v5-18-2-and-core-v5-15-1-released/60695/1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
PR: Code Review Required Open Pull Request, needs code reviewed
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants