Fix SPF multiple records validation

ebdc1c77 · Webslice · Marius Burkard · 0589b0b2 · ebdc1c77 · ebdc1c77
Commit ebdc1c77 authored 5 years ago by Webslice Committed by Marius Burkard 5 years ago
--- a/interface/web/dns/dns_spf_edit.php
+++ b/interface/web/dns/dns_spf_edit.php
@@ -157,7 +157,7 @@ class page_action extends tform_actions {
 		} // end if user is not admin
 		
 		// Check that the record does not yet exist
-		$existing_records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE id != ? AND zone = ? AND name = ? AND type = 'TXT'", $this->dataRecord['id'], $_POST['zone'], $_POST['name']);
+		$existing_records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE zone = ? AND name = ? AND type = 'TXT' AND data LIKE 'v=spf1%'", $_POST['zone'], $_POST['name']);
 		if (!empty($existing_records)) {
 			if (count($existing_records) > 1) {
 				$multiple_existing_records_error_txt = $app->tform->wordbook['spf_record_exists_multiple_txt'];
@@ -166,13 +166,18 @@ class page_action extends tform_actions {
 				$app->error($multiple_existing_records_error_txt);
 			}

+			// If there is just one existing record, three things can be going on:
+			// - if we are adding a new record, show a warning that it already exists and offer to edit it
+			// - if we are editing an existing record and changing its 'name' field to one that is already existing, also show the warning
+			// - otherwise we are just editing the existing the record, so there is no need for a warning
 			$existing_record = array_pop($existing_records);
-			
-			$existing_record_error_txt = $app->tform->wordbook['spf_record_exists_txt'];
-			$existing_record_error_txt = str_replace('{hostname}', $_POST['name'], $existing_record_error_txt);
-			$existing_record_error_txt = str_replace('{existing_record_id}', $existing_record['id'], $existing_record_error_txt);
+			if (empty($this->dataRecord['id']) || ($this->dataRecord['id'] !== $existing_record['id'])) {
+				$existing_record_error_txt = $app->tform->wordbook['spf_record_exists_txt'];
+				$existing_record_error_txt = str_replace('{hostname}', $_POST['name'], $existing_record_error_txt);
+				$existing_record_error_txt = str_replace('{existing_record_id}', $existing_record['id'], $existing_record_error_txt);

-			$app->error($existing_record_error_txt);
+				$app->error($existing_record_error_txt);
+			}
 		}

 		// Create spf-record

--- a/interface/web/dns/dns_txt_edit.php
+++ b/interface/web/dns/dns_txt_edit.php
@@ -53,7 +53,7 @@ class page_action extends dns_page_action {
 		}

 		// Redirect to SPF wizard if we detect a SPF record
-		if (!empty($this->dataRecord['data'])) {
+		if ('GET' === $_SERVER['REQUEST_METHOD'] && !empty($this->dataRecord['data'])) {
 			if ('v=spf1' === mb_substr($this->dataRecord['data'], 0, 6)) {
 				header(sprintf('Location: dns_spf_edit.php?id=%d', $this->dataRecord['id']));
 				exit;