diff options
| -rw-r--r-- | dns.php | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -139,7 +139,7 @@ function writezone($domain, $zonetext, $password = null) { // Main entry point -if (isset($_GET['mode']) && isset($_GET['zone']) && isset($_GET['hash'])) { +if (isset($_GET['mode']) && isset($_GET['zone']) && isset($_GET['hash']) && strlen($_GET['hash']) > 10) { // Some sort of mode (at the moment only "update" is supported if ($_GET['mode'] == "update") { // An auto update is being requested. This is where one or more zone records @@ -213,7 +213,7 @@ if (isset($_GET['mode']) && isset($_GET['zone']) && isset($_GET['hash'])) { echo "<p>record(s) updated :)</p>"; } - } else if ($_GET['mode'] == "txt" && isset($_POST['record'])) { + } else if ($_GET['mode'] == "txt" && isset($_POST['record']) && isset($_GET['hash']) && strlen($_GET['hash']) > 10) { $zonetext = getzone($_GET['zone']); // Only use \n for newlines $zonetext = str_replace("\r", "", $zonetext); @@ -281,7 +281,7 @@ if (isset($_GET['mode']) && isset($_GET['zone']) && isset($_GET['hash'])) { ?> <p>1. Your zonefile is below.</p> <p>2. Ensure the first line always ends with a SHA-256 hash of your chosen password.</p> - <p>3. To automatically update a particular A or AAAA record with the source IP address of your request, give the line a comment ending with a secret ID (e.g. a SHA-256 hash), e.g.:</p> + <p>3. To automatically update a particular A or AAAA record with the source IP address of your request, give the line a comment ending with a secret ID at least 10 characters long (e.g. a SHA-256 hash), e.g.:</p> <pre> test 300 IN A 192.168.0.1 ; sha256 = 7f480e744a79953eb916b68f540e0eeec6f9cf23edf4aa08cc1cdf5f077c0f6f test 300 IN AAAA ::1 ; sha256 = b493d48364afe44d11c0165cf470a4164d1e2609911ef998be868d46ade3de4e |