Ensure secret IDs are set and are at least 10 characters long.HEADmaster

1 files changed, 3 insertions, 3 deletions

diff --git a/dns.php b/dns.php
index 7ca8174..2f93759 100644
--- a/dns.php
+++ b/dns.php
@@ -139,7 +139,7 @@ function writezone($domain, $zonetext, $password = null) {
 
 // Main entry point
 
-if (isset($_GET['mode']) && isset($_GET['zone']) && isset($_GET['hash'])) {
+if (isset($_GET['mode']) && isset($_GET['zone']) && isset($_GET['hash']) && strlen($_GET['hash']) > 10) {
   // Some sort of mode (at the moment only "update" is supported
   if ($_GET['mode'] == "update") {
     // An auto update is being requested. This is where one or more zone records
@@ -213,7 +213,7 @@ if (isset($_GET['mode']) && isset($_GET['zone']) && isset($_GET['hash'])) {
       echo "<p>record&#40;s&#41; updated :)</p>";
     }
 
-  } else if ($_GET['mode'] == "txt" && isset($_POST['record'])) {
+  } else if ($_GET['mode'] == "txt" && isset($_POST['record']) && isset($_GET['hash']) && strlen($_GET['hash']) > 10) {
     $zonetext = getzone($_GET['zone']);
     // Only use \n for newlines
     $zonetext = str_replace("\r", "", $zonetext);
@@ -281,7 +281,7 @@ if (isset($_GET['mode']) && isset($_GET['zone']) && isset($_GET['hash'])) {
 ?>
     <p>1. Your zonefile is below.</p>
     <p>2. Ensure the first line always ends with a SHA-256 hash of your chosen password.</p>
-    <p>3. To automatically update a particular A or AAAA record with the source IP address of your request, give the line a comment ending with a secret ID &#40;e.g. a SHA-256 hash&#41;, e.g.:</p>
+    <p>3. To automatically update a particular A or AAAA record with the source IP address of your request, give the line a comment ending with a secret ID at least 10 characters long &#40;e.g. a SHA-256 hash&#41;, e.g.:</p>
     <pre>
 test    300     IN      A       192.168.0.1 ; sha256 = 7f480e744a79953eb916b68f540e0eeec6f9cf23edf4aa08cc1cdf5f077c0f6f
 test    300     IN      AAAA    ::1 ; sha256 = b493d48364afe44d11c0165cf470a4164d1e2609911ef998be868d46ade3de4e