From 713b62215067901df0a171fdd5e172c37650f4a0 Mon Sep 17 00:00:00 2001
From: Herman van Rink
Date: Tue, 4 Jul 2023 21:54:47 +0200
Subject: [PATCH 1/5] Initialize new SPF record to have a hostname, #6537

---
 interface/web/dns/dns_spf_edit.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php
index 20626ba159..fe1f20e8fa 100644
--- a/interface/web/dns/dns_spf_edit.php
+++ b/interface/web/dns/dns_spf_edit.php
@@ -109,6 +109,11 @@ class page_action extends tform_actions {
 $spf_domain = rtrim($spf_domain);
 $spf_mechanism = substr($rec['data'], -4, 1);
 }
+ else {
+ $sql = "SELECT origin FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r');
+ $rec = $app->db->queryOneRecord($sql, $app->functions->intval($_REQUEST["zone"]));
+ $app->tpl->setVar("name", $rec['origin'], true);
+ }

 //set html-values
 $app->tpl->setVar("spf_ip", $spf_ip, true);
-- 
GitLab

From dfdab8a1b538e15c82282a785320630d6bdd8c85 Mon Sep 17 00:00:00 2001
From: Herman van Rink
Date: Tue, 4 Jul 2023 21:55:12 +0200
Subject: [PATCH 2/5] Better detect an existing spf record, #6537

'' and 'example.com.' are effectively the same.

---
 interface/web/dns/dns_spf_edit.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php
index fe1f20e8fa..7e090c5226 100644
--- a/interface/web/dns/dns_spf_edit.php
+++ b/interface/web/dns/dns_spf_edit.php
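Review bot: In the `else` branch added by patch 1/5, `$rec['origin']` is read without checking that `queryOneRecord()` returned a row. The lookup is filtered by `getAuthSQL('r')` and keyed on `$_REQUEST["zone"]`, so a missing, zero or unreadable zone id presumably yields no row, and the template then gets an empty name plus a PHP warning instead of a clear failure. I would guard it, e.g. `if (!empty($rec['origin'])) { $app->tpl->setVar("name", $rec['origin'], true); }`. The enclosing `if` and the method start outside the hunk, so that this branch is the new-record path is inferred from the commit subject.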
@@ -162,7 +162,9 @@ class page_action extends tform_actions {
 } // end if user is not admin

 // Check that the record does not yet exist
- $existing_records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE zone = ? AND name = ? AND type = 'TXT' AND data LIKE 'v=spf1%'", $_POST['zone'], $_POST['name']);
+ $existing_records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE zone = ? AND (name = ? OR (name = ? AND ? = '') OR (name = '' AND ? = ?)) AND type = 'TXT' AND data LIKE 'v=spf1%'",
+ $_POST['zone'], $_POST['name'], $soa['origin'], $_POST['name'], $_POST['name'], $soa['origin'] );
+
 if (!empty($existing_records)) {
 if (count($existing_records) > 1) {
 $multiple_existing_records_error_txt = $app->tform->wordbook['spf_record_exists_multiple_txt'];
-- 
GitLab

From 8fe6d116b1f16914a88a3a989f46cec5bfe106dc Mon Sep 17 00:00:00 2001
From: Herman van Rink
Date: Sun, 23 Jul 2023 17:26:39 +0200
Subject: [PATCH 3/5] Rewrite to improve readability

---
 interface/web/dns/dns_spf_edit.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php
index 7e090c5226..d2e7c1eeab 100644
--- a/interface/web/dns/dns_spf_edit.php
+++ b/interface/web/dns/dns_spf_edit.php
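Review bot: `$soa['origin']` is bound twice in the new duplicate check of patch 2/5, but `$soa` is not assigned anywhere in the hunk. If it is unset, or the zone lookup returned no row on some path, both origin placeholders bind NULL, the two alias branches never match, and the check silently degrades to the old exact-name comparison. Confirm that `$soa` is populated for admins as well as clients before this line (the surrounding method is outside the hunk), or stop with a form error when `empty($soa['origin'])`.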
@@ -161,9 +161,16 @@ class page_action extends tform_actions {
 }
 } // end if user is not admin

- // Check that the record does not yet exist
- $existing_records = $app->db->queryAllRecords("SELECT id FROM dns_rr WHERE zone = ? AND (name = ? OR (name = ? AND ? = '') OR (name = '' AND ? = ?)) AND type = 'TXT' AND data LIKE 'v=spf1%'",
- $_POST['zone'], $_POST['name'], $soa['origin'], $_POST['name'], $_POST['name'], $soa['origin'] );
+ // Check that the record does not yet exist.
+ // '' and 'example.com.' are effectively the same name.
+ $existing_records = $app->db->queryAllRecords("SELECT r.*, s.origin FROM dns_rr r
+ LEFT JOIN dns_soa s ON (r.zone=s.id)
+ WHERE zone = ? AND type = 'TXT' AND data LIKE 'v=spf1%' AND " . $app->tform->getAuthSQL('r'), $_POST['zone']);
+ foreach ($existing_records as $key => $r) {
+ if (!empty($r['name']) && $re['name'] != $r['origin'] ) {
+ unset($existing_records[$key]);
+ }
+ }

 if (!empty($existing_records)) {
 if (count($existing_records) > 1) {
-- 
GitLab

From 07ebb1ffb02d1840b8982100c4d2e3d5bcf5dfbc Mon Sep 17 00:00:00 2001
From: Herman van Rink
Date: Wed, 13 Mar 2024 12:15:46 +0100
Subject: [PATCH 4/5] Revert to sql because of bugs... but cleaner with a JOIN and more comments

---
 interface/web/dns/dns_spf_edit.php | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php
index d2e7c1eeab..30eeacb931 100644
--- a/interface/web/dns/dns_spf_edit.php
+++ b/interface/web/dns/dns_spf_edit.php
@@ -110,6 +110,7 @@ class page_action extends tform_actions {
 $spf_mechanism = substr($rec['data'], -4, 1);
 }
 else {
+ // Set the domainname itself as default name, to indicatie it's not for a subdomain.
 $sql = "SELECT origin FROM dns_soa WHERE id = ? AND " . $app->tform->getAuthSQL('r');
 $rec = $app->db->queryOneRecord($sql, $app->functions->intval($_REQUEST["zone"]));
 $app->tpl->setVar("name", $rec['origin'], true);
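Review bot: The filter loop added by patch 3/5 reads `$re['name']`, a variable that is never defined; it should be `$r['name']`. With `$re` unset, every row with a non-empty name is dropped, so an existing record stored under the full origin (`example.com.`) is never detected. The loop also never consults `$_POST['name']`, so an empty-named apex record is reported as a duplicate even when the form posts a subdomain. If a PHP-side filter is kept, compare each row against the submitted name with `===` and treat `''` and the origin as the same apex name. Patch 4/5 replaces this loop, but this commit on its own leaves the duplicate check broken for anyone bisecting through it.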
@@ -162,15 +163,15 @@ class page_action extends tform_actions {
 } // end if user is not admin

 // Check that the record does not yet exist.
- // '' and 'example.com.' are effectively the same name.
+ // '' and 'example.com.' are effectively the same name so we also look for those variants.
 $existing_records = $app->db->queryAllRecords("SELECT r.*, s.origin FROM dns_rr r
 LEFT JOIN dns_soa s ON (r.zone=s.id)
- WHERE zone = ? AND type = 'TXT' AND data LIKE 'v=spf1%' AND " . $app->tform->getAuthSQL('r'), $_POST['zone']);
- foreach ($existing_records as $key => $r) {
- if (!empty($r['name']) && $re['name'] != $r['origin'] ) {
- unset($existing_records[$key]);
- }
- }
+ WHERE zone = ? AND (name = ? /* an exact match */
+ OR (name = s.origin AND ? = '') /* e.g. name = 'example.com.' and we're posting an empty value */
+ OR (name = '' AND s.origin = ?) /* e.g. name is empty and we're posting e.g. 'example.com' */ )
+ AND type = 'TXT' AND data LIKE 'v=spf1%'
+ AND " . $app->tform->getAuthSQL('r'),
+ $_POST['zone'], $_POST['name'], $_POST['name'], $_POST['name']);

 if (!empty($existing_records)) {
 if (count($existing_records) > 1) {
-- 
GitLab

From db06d10d6bcd8298fa60d2c4050a85204e5b389d Mon Sep 17 00:00:00 2001
From: Herman van Rink
Date: Fri, 12 Apr 2024 23:19:29 +0200
Subject: [PATCH 5/5] Fix getAuthSQL to include table name(reference)

Without it it caused: Column 'sys_userid' in where clause is ambiguous

---
 interface/web/dns/dns_spf_edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/interface/web/dns/dns_spf_edit.php b/interface/web/dns/dns_spf_edit.php
index 30eeacb931..ecfa6c3212 100644
--- a/interface/web/dns/dns_spf_edit.php
+++ b/interface/web/dns/dns_spf_edit.php
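Review bot: The third branch of the new WHERE clause in patch 4/5, `(name = '' AND s.origin = ?)`, only matches when the posted name is byte-identical to `dns_soa.origin`. Its inline comment gives `'example.com'` as the posted value while the comment above uses `'example.com.'`, so unless the name is normalised to the trailing-dot form before this query, the apex duplicate is missed and a second SPF TXT record can be saved for the same name, which receivers treat as a permanent error under RFC 7208. Normalise `$_POST['name']` once before the query, or state in a comment where that already happens. I would also prefix the bare `zone`, `name`, `type` and `data` columns with `r.` now that the query joins two tables. The end of the enclosing method is outside the hunk.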
@@ -170,7 +170,7 @@ class page_action extends tform_actions {
 OR (name = s.origin AND ? = '') /* e.g. name = 'example.com.' and we're posting an empty value */
 OR (name = '' AND s.origin = ?) /* e.g. name is empty and we're posting e.g. 'example.com' */ )
 AND type = 'TXT' AND data LIKE 'v=spf1%'
- AND " . $app->tform->getAuthSQL('r'),
+ AND " . $app->tform->getAuthSQL('r', 'r'),
 $_POST['zone'], $_POST['name'], $_POST['name'], $_POST['name']);

 if (!empty($existing_records)) {
-- 
GitLab
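Review bot: With `getAuthSQL('r', 'r')` the duplicate check in patch 5/5 counts only the `dns_rr` rows the current user may read. Uniqueness of the SPF record is a property of the zone rather than of the viewer, so a `v=spf1` record in the same zone that belongs to another user or group would presumably be invisible here and a second one could be saved. Consider authorising the zone once against `dns_soa` and running the existence query without the per-row filter, or add a comment such as `// duplicate check is limited to records readable by the current user` if that limit is intended. What `getAuthSQL()` emits is not visible in this hunk, so the exact filter is inferred from the `sys_userid` error quoted in the commit message.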