From 5a7449555acad21ecf0fe06ae9a0f1792ff0983e Mon Sep 17 00:00:00 2001
From: clk <clk@teuto.net>
Date: Fri, 5 Jan 2024 15:04:26 +0100
Subject: [PATCH 1/2] Fixed cname validation issue 6627

---
 interface/web/dns/dns_cname_edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/interface/web/dns/dns_cname_edit.php b/interface/web/dns/dns_cname_edit.php
index e2fde267d2..63787c61e1 100644
--- a/interface/web/dns/dns_cname_edit.php
+++ b/interface/web/dns/dns_cname_edit.php
@@ -48,7 +48,7 @@ class page_action extends dns_page_action {
 	protected function checkDuplicate() {
 		global $app;
 		//* Check for duplicates where IP and hostname are the same
-		$tmp = $app->db->queryOneRecord("SELECT count(id) as number FROM dns_rr WHERE (type = 'A' AND name = ? AND zone = ? and id != ?) OR (type = 'AAAA' AND name = ? AND zone = ? and id != ?) OR (type = 'CNAME' AND name = ? AND zone = ? and id != ?) OR (type = 'DNAME' AND name = ? AND zone = ? and id != ?) OR (type = 'ALIAS' AND name = ? AND zone = ? and id != ?)", $this->dataRecord["name"], $this->dataRecord["zone"], $this->id, $this->dataRecord["name"], $this->dataRecord["zone"], $this->id, $this->dataRecord["name"], $this->dataRecord["zone"], $this->id, $this->dataRecord["name"], $this->dataRecord["zone"], $this->id, $this->dataRecord["name"], $this->dataRecord["zone"], $this->id);
+		$tmp = $app->db->queryOneRecord("SELECT count(dns_rr.id) as number FROM dns_rr LEFT JOIN dns_soa ON dns_rr.zone = dns_soa.id WHERE (( name = replace(?, concat('.', dns_soa.origin), '') or name = ? or name = concat(?,'.', dns_soa.origin)) and dns_rr.id != ?)", $this->dataRecord["name"], $this->dataRecord["name"], $this->dataRecord["name"], $this->dataRecord["zone"], $this->id);
 		if($tmp['number'] > 0) return true;
 		return false;
 	}
-- 
GitLab


From a98986f81eb5ed37a3814e12f06098ca083b32c8 Mon Sep 17 00:00:00 2001
From: clk <clk@teuto.net>
Date: Mon, 8 Jan 2024 13:19:10 +0100
Subject: [PATCH 2/2] Fixed missing zone validation

---
 interface/web/dns/dns_cname_edit.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/interface/web/dns/dns_cname_edit.php b/interface/web/dns/dns_cname_edit.php
index 63787c61e1..1a18098892 100644
--- a/interface/web/dns/dns_cname_edit.php
+++ b/interface/web/dns/dns_cname_edit.php
@@ -48,7 +48,7 @@ class page_action extends dns_page_action {
 	protected function checkDuplicate() {
 		global $app;
 		//* Check for duplicates where IP and hostname are the same
-		$tmp = $app->db->queryOneRecord("SELECT count(dns_rr.id) as number FROM dns_rr LEFT JOIN dns_soa ON dns_rr.zone = dns_soa.id WHERE (( name = replace(?, concat('.', dns_soa.origin), '') or name = ? or name = concat(?,'.', dns_soa.origin)) and dns_rr.id != ?)", $this->dataRecord["name"], $this->dataRecord["name"], $this->dataRecord["name"], $this->dataRecord["zone"], $this->id);
+		$tmp = $app->db->queryOneRecord("SELECT count(dns_rr.id) as number FROM dns_rr LEFT JOIN dns_soa ON dns_rr.zone = dns_soa.id WHERE (( name = replace(?, concat('.', dns_soa.origin), '') or name = ? or name = concat(?,'.', dns_soa.origin)) and dns_rr.id != ? and dns_rr.zone = ?)", $this->dataRecord["name"], $this->dataRecord["name"], $this->dataRecord["name"], $this->dataRecord["zone"], $this->id, $this->dataRecord["zone"]);
 		if($tmp['number'] > 0) return true;
 		return false;
 	}
-- 
GitLab