From 7d2956e46d11ef3d1ce1e3188fb0cd007c6a190c Mon Sep 17 00:00:00 2001
From: Jamie Cameron <jcameron@webmin.com>
Date: Mon, 23 Oct 2017 21:02:43 -0700
Subject: [PATCH] Sanity check virtual server hostnames

---
 apache/create_virt.cgi | 3 +++
 apache/save_vserv.cgi  | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/apache/create_virt.cgi b/apache/create_virt.cgi
index 5354c00b1..e9621f3b4 100755
--- a/apache/create_virt.cgi
+++ b/apache/create_virt.cgi
@@ -58,6 +58,9 @@ else {
 if (!$in{'name_def'}) {
 	@names = split(/\s+/, $in{'name'});
 	@names || &error(&text('cvirt_ename', $in{'name'}));
+	foreach my $n (@names) {
+		$n =~ /^[a-z0-9\.\_\-]+$/i || &error(&text('vserv_ename', $n));
+		}
 	}
 
 # Check if the virtual server already exists
diff --git a/apache/save_vserv.cgi b/apache/save_vserv.cgi
index 38717bb0b..0355d6da9 100755
--- a/apache/save_vserv.cgi
+++ b/apache/save_vserv.cgi
@@ -98,7 +98,7 @@ else {
 
 	# Check server name
 	if (!$in{'name_def'}) {
-		$in{'name'} =~ /^\S+$/ ||
+		$in{'name'} =~ /^[a-z0-9\.\_\-]+$/i ||
 			&error(&text('vserv_ename', $in{'name'}));
 		$name = $in{'name'};
 		}