From d3c977a5f38b162832d6c73c51d6802a1cf0884f Mon Sep 17 00:00:00 2001
From: Al Beano <albino@autistici.org>
Date: Mon, 17 Jul 2017 20:23:15 +0100
Subject: [PATCH] AJAX warning if a user enters an invalid domain

---
 lib/cyberman/API.pm     |  6 ++++++
 lib/cyberman/Domains.pm |  4 ++--
 lib/cyberman/Helper.pm  | 11 ++++++++++-
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/lib/cyberman/API.pm b/lib/cyberman/API.pm
index be5db81..bd24d51 100644
--- a/lib/cyberman/API.pm
+++ b/lib/cyberman/API.pm
@@ -2,6 +2,8 @@ package cyberman::API;
 use Dancer2 appname => "cyberman";
 use Dancer2::Plugin::Database;
 
+use cyberman::Helper;
+
 get '/api/check_availability' => sub {
   # No auth req'd
   # returns 'y' or 'n'
@@ -12,6 +14,10 @@ get '/api/check_availability' => sub {
     return "n";
   }
 
+  if (!check_name(param "name")) {
+    return "n";
+  }
+
   my $result = database->quick_select(
     "domain",
     {
diff --git a/lib/cyberman/Domains.pm b/lib/cyberman/Domains.pm
index 9de2051..c61963a 100644
--- a/lib/cyberman/Domains.pm
+++ b/lib/cyberman/Domains.pm
@@ -3,7 +3,7 @@ package cyberman::Domains;
 use Dancer2 appname => "cyberman";
 use Dancer2::Plugin::Database;
 
-use cyberman::Helper qw(auth_test);
+use cyberman::Helper;
 use if config->{"use_nsd"}, "NSD::Interface";
 
 get '/domains' => sub {
@@ -33,7 +33,7 @@ post '/domains/new' => sub {
   my $name = lc param("name");
 
   if (scalar(keys(%errs)) == 0) {
-    if (param("name") !~ m/^[a-z0-9]([a-z0-9\-_]*[a-z0-9])?$/) {
+    if (!check_name(param "name")) {
       $errs{"e_chars"} = 1;
     }
   }
diff --git a/lib/cyberman/Helper.pm b/lib/cyberman/Helper.pm
index 8cfe1b6..712b035 100644
--- a/lib/cyberman/Helper.pm
+++ b/lib/cyberman/Helper.pm
@@ -7,7 +7,7 @@ use Digest::Bcrypt;
 
 use Exporter qw(import);
 
-our @EXPORT = qw(auth_test randstring hash_password);
+our @EXPORT = qw(auth_test randstring hash_password check_name);
 
 # Helper functions
 
@@ -60,4 +60,13 @@ sub hash_password {
   return ($b->bcrypt_b64digest, $salt);
 }
 
+sub check_name {
+  my $name = shift;
+  if ($name =~ m/^[a-z0-9]([a-z0-9\-_]*[a-z0-9])?$/) {
+    return 1;
+  } else {
+    return 0;
+  }
+}
+
 1;