When adding a domain, flag if no SOA record exists (prevents most sub-domains)

2025-11-06 10:41:52 +00:00 · 2025-11-06 10:41:52 +00:00 · 3813fbf8f2
parent 16001f8d4e
commit 3813fbf8f2
3 changed files with 43 additions and 2 deletions
--- a/agent/ajax.php
+++ b/agent/ajax.php
@ -971,3 +971,24 @@ if (isset($_GET['ai_ticket_summary'])) {

    echo $summary; // nl2br to convert newlines to <br>, htmlspecialchars to prevent XSS
 }
+
+// Stops people trying to use sub-domains in the domains tracker
+if (isset($_GET['apex_domain_check'])) {
+    enforceUserPermission('module_support', 2);
+
+    $domain = sanitizeInput($_GET['domain']);
+
+    $response['message'] = ""; // default
+
+    if (strlen($domain) >= 4) {
+
+        // SOA record check
+        //  This isn't 100%, as sub-domains can have their own SOA but will capture 99%
+        if (!checkdnsrr($domain, 'SOA')) {
+            $response['message'] = "<i class='fas fa-fw fa-exclamation-triangle mr-2'></i> Domain name is invalid.";
+        }
+
+    }
+
+    echo json_encode($response);
+}
--- a/agent/modals/contact/contact_add.php
+++ b/agent/modals/contact/contact_add.php
@ -349,7 +349,7 @@ $(document).ready(function() {
        //Send a GET request to ajax.php as ajax.php?contact_email_check=true&email=email
        jQuery.get(
            "ajax.php",
-            {contact_email_check: 'email', email: email},
+            {contact_email_check: 'true', email: email},
            function(data) {
                //If we get a response from ajax.php, parse it as JSON
                const contact_check_data = JSON.parse(data);
--- a/agent/modals/domain/domain_add.php
+++ b/agent/modals/domain/domain_add.php
@ -65,7 +65,10 @@ ob_start();
                        <div class="input-group-prepend">
                            <span class="input-group-text"><i class="fa fa-fw fa-globe"></i></span>
                        </div>
-                        <input type="text" class="form-control" name="name" placeholder="example.com" maxlength="200" required autofocus>
+                        <input type="text" class="form-control" name="name" id="domain_name" placeholder="example.com" maxlength="200" required autofocus onfocusout="domain_check()">
+                    </div>
+                    <div class="mt-2">
+                        <span class="text-info" id="domain_check_info"></span>
                    </div>
                </div>

@ -193,6 +196,23 @@ ob_start();
    </div>
 </form>

+<script>
+    // Checks domains aren't sub-domains (99%)
+    function domain_check() {
+        var domain = document.getElementById("domain_name").value;
+        //Send a GET request to ajax.php as ajax.php?apex_domain_check=true&domain=domain
+        jQuery.get(
+            "ajax.php",
+            {apex_domain_check: 'true', domain: domain},
+            function(data) {
+                //If we get a response from ajax.php, parse it as JSON
+                const domain_check_data = JSON.parse(data);
+                document.getElementById("domain_check_info").innerHTML = domain_check_data.message;
+            }
+        );
+    }
+</script>
+
 <?php

 require_once '../../../includes/modal_footer.php';