New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] DNS records with a newline or tab in them cause a 500 error in the web interface #4197
Comments
Hi I cant reproduce this, from where can copy some record ? I try copy record from old dns manage ( 4psa ) and when copy this add some tabs, but hestia just say is invalid record. |
Hello - Simon |
I'd be interested in fixing this, as it hints to failing input sanitation. Can you please provide some text that breaks it? |
My original issue appeared to be due to copy and pasting a DNS entry that started with a space, not a CR as previously described, so something like this:
I have since seen a similar issue with a customer copying and pasting a line in a similar way, leaving in spaces and quotes, something like this:
|
I can't seem to replicate this on Debian 11 with Hestia 1.8.11. Can you provide more information - which field do you use to paste the "bad text" ? |
I think I've managed to reproduce the combination that caused the original issue as I'm copying and pasting more links from the application. It looks like the character combination is a space, then a right angled bracket ('>') then a tab. |
Describe the bug
This is probably an edge issue but I am currently manually synchronising records between a legacy web based DNS management system and a Hestia based system by copying and pasting prior to migration, and if the entries, specifically SPF records, are copied direct from the web site to the Hestia record editing page, they include a tab at the beginning of the copied text. The record is saved, but attempting to go back to the zone page returns a 500 error. Editing the zone manually does not resolve the issue and the only way I have found to do it is to restore from a backup.
If I copy the copied text into a text editor and copy to the Hestia interface from there, it works, so there is a workaround, however this suggests to me that TXT records are not being escaped fully.
Tell us how to replicate the bug
Which components are affected by this bug?
Control Panel Web Interface
Hestia Control Panel Version
1.8.11
Operating system
Debian 12
Log capture
No response
The text was updated successfully, but these errors were encountered: