validateHostname Should Accept Uppercase Characters

[Jonathan]

Currently the validateHostname() function in most modules looks something like this:

   /**
     * Validates that the given hostname is valid
     *
     * @param string $host_name The host name to validate
     * @param bool $require_fqdn True to require a FQDN (e.g. host.domain.com),
     *  or false for a partial name (e.g. domain.com) (optional, default false)
     * @return bool True if the hostname is valid, false otherwise
     */
    public function validateHostName($host_name, $require_fqdn = false)
    {
        if (strlen($host_name) > 255) {
            return false;
        }

        $octet = "([a-z0-9]|[a-z0-9][a-z0-9\-]{0,61}[a-z0-9])";
        $nested_octet = "(\." . $octet . ')';
        $hostname_regex = '/^' . $octet . $nested_octet . ($require_fqdn ? $nested_octet : '') . '+$/';

        return $this->Input->matches($host_name, $hostname_regex);
    }

While sure hostnames shouldn't contain uppercase characters (my opinion), it's perfectly valid RFC and we shouldn't cause undue burden on the customer with vague rejection messages that what they entered isn't a valid domain/hostname simply because it contains uppercase letters.

A better solution would be to update the regex to accept A-z and then in the modules run it through strtolower().

[Paul]

Maybe we can start a list of modules affected, which are you personally seeing this with? We would have to create a task for every module we intend to update.

I agree that upper shouldn't be rejected, and that it should be run through strtolower() before it is sent through any API or saved to the database. Most of us never consider using an uppercase letter in a hostname, so it's a kind of edge case.

[Jonathan]

4 minutes ago, Paul said:

so it's a kind of edge case

Not for the customers that are confused by this on a daily basis while trying to order.

I know cPanel and SolusVM are both impacted.  Beyond that I'm not sure but a quick search for modules that define "validateHostName" as a function, it's quite a few beyond this!

[mrrsm]

It looks like almost any module that accepts a hostname uses that check to validate it.

PHP offers FILTER_VALIDATE_DOMAIN that you can use with filter_var to check a hostname (along with the flag FILTER_FLAG_HOSTNAME in php 7+) which which would provide a more robust checking mechanism.  This still would have issues with internationalized domain names but covers a large majority of cases.

On the other hand if you fix this yourself, adding support for IDN's would be something nice as well as they seem to be gaining popularity.

[Jonathan]

@Paul can we get a task on this for 4.4?  I'd rather not have to manually patch this every update

[Jonathan]

Would love if we could get some traction on this.  It's stupid simple, and insanely annoying for customers.

[Paul]

Additionally I've created the Epic https://dev.blesta.com/browse/CORE-2832 and we have 2 modules apart of that: Vultr and cPanel. Is anyone aware of any other modules that this is an issue with? We need a task for each that we'll be updating, and I am not able to look at them all right now.

[Jonathan]

Perfect!

SolusVM is impacted as well.

[Paul]

4 minutes ago, Jonathan said:

Perfect!

SolusVM is impacted as well.

Great, thanks a task for SolusVM has been created as well.

[Blesta Addons]

mabe modules like Plesk, Interworx, Proxmox, centoswebpanel, tcadmin ...ect

i think it would be preferably if the function is added to module.php, then any other module can herite the fucntion and call it when is needed.