Enforce hostname and IPv6 validation on the static DHCP table

rdwebdesign · rdwebdesign · commit ca6118fbb4ba · 2026-04-22T19:33:41.000-03:00
Only accept valid hostnames:
  Previously, invalid hostnames were trigerring the cell highlighting,
  but invalid entries were still accepted when using the green "save"
  button. Now, hostnames are saved only if they pass the validation,
  like other values.

Only allow IPv6 enclosed in square brackets:
  The previous validation function used to validate IPv6 didn't accept
  brackets, resulting in errors when an IPv6 was typed directly on the
  table cell. A new function was created to validate IPv6 enclosed in
  brackets.

Signed-off-by: RD WebDesign &lt;github@rdwebdesign.com.br&gt;
diff --git a/scripts/js/settings-dhcp.js b/scripts/js/settings-dhcp.js
@@ -261,13 +261,9 @@ function parseStaticDHCPLine(line) {
   const hwaddr = haveMAC ? parts[0].trim() : "";
 
   // Check if the first or second part is a valid IPv4 or IPv6 address
-  const hasSquareBrackets0 = parts[0][0] === "[" && parts[0].at(-1) === "]";
-  const ipv60 = hasSquareBrackets0 ? parts[0].slice(1, -1) : parts[0];
-  const hasSquareBrackets1 = parts.length > 1 && parts[1][0] === "[" && parts[1].at(-1) === "]";
-  const ipv61 = hasSquareBrackets1 ? parts[1].slice(1, -1) : parts.length > 1 ? parts[1] : "";
-  const firstIsValidIP = utils.validateIPv4(parts[0]) || utils.validateIPv6(ipv60);
+  const firstIsValidIP = utils.validateIPv4(parts[0]) || utils.validateIPv6Brackets(parts[0]);
   const secondIsValidIP =
-    parts.length > 1 && (utils.validateIPv4(parts[1]) || utils.validateIPv6(ipv61));
+    parts.length > 1 && (utils.validateIPv4(parts[1]) || utils.validateIPv6Brackets(parts[1]));
   const ipaddr = firstIsValidIP ? parts[0].trim() : secondIsValidIP ? parts[1].trim() : "";
   const haveIP = ipaddr.length > 0;
 
@@ -294,12 +290,13 @@ $(document).on("click", ".save-static-row", function () {
 
   // Validate MAC and IP before saving
   const macValid = !hwaddr || utils.validateMAC(hwaddr);
-  const ipValid = !ipaddr || utils.validateIPv4(ipaddr) || utils.validateIPv6(ipaddr);
-  if (!macValid || !ipValid) {
+  const ipValid = !ipaddr || utils.validateIPv4(ipaddr) || utils.validateIPv6Brackets(ipaddr);
+  const nameValid = !hostname || utils.validateHostnameStrict(hostname);
+  if (!macValid || !ipValid || !nameValid) {
     utils.showAlert(
       "error",
       "fa-times",
-      "Cannot save: Invalid MAC or IP address",
+      "Cannot save: Invalid value found on the table",
       "Please correct the highlighted fields before saving."
     );
     return;
@@ -505,7 +502,7 @@ $(document).on("input blur paste", "#StaticDHCPTable td.static-hwaddr", function
 
 $(document).on("input blur paste", "#StaticDHCPTable td.static-ipaddr", function () {
   const val = $(this).text().trim();
-  if (val && !(utils.validateIPv4(val) || utils.validateIPv6(val))) {
+  if (val && !(utils.validateIPv4(val) || utils.validateIPv6Brackets(val))) {
     $(this).addClass("table-danger");
     $(this).attr("title", "Invalid IP address format");
   } else {
@@ -516,10 +513,7 @@ $(document).on("input blur paste", "#StaticDHCPTable td.static-ipaddr", function
 
 $(document).on("input blur paste", "#StaticDHCPTable td.static-hostname", function () {
   const val = $(this).text().trim();
-  // Hostnames must not contain spaces, commas, or characters invalid in DNS names
-  const hostnameValidator =
-    /^[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)*$/v;
-  if (val && !hostnameValidator.test(val)) {
+  if (val && !utils.validateHostnameStrict(val)) {
     $(this).addClass("table-danger");
     $(this).attr("title", "Invalid hostname: only letters, digits, hyphens, and dots allowed");
   } else {
diff --git a/scripts/js/utils.js b/scripts/js/utils.js
@@ -263,6 +263,18 @@ function validateIPv6(ip) {
   return validateIPv6CIDR(ipv6WithCIDR);
 }
 
+function validateIPv6Brackets(ip) {
+  // Check if the IPv6 is enclosed in brackets and return in case of failure
+  if (!ip.trim().startsWith("[") || !ip.trim().endsWith("]")) {
+    return false;
+  }
+
+  // Strip brackets before validating the IPv6
+  const ipWithoutBrackets = ip.replaceAll("[", "").replaceAll("]", "");
+  // Validate the ip
+  return validateIPv6(ipWithoutBrackets);
+}
+
 function validateMAC(mac) {
   // Format: xx:xx:xx:xx:xx:xx where each xx is 0-9 or a-f (case insensitive)
   // Also allows dashes as separator, e.g. xx-xx-xx-xx-xx-xx
@@ -275,6 +287,13 @@ function validateHostname(name) {
   return namevalidator.test(name.trim());
 }
 
+function validateHostnameStrict(name) {
+  // Hostnames must not contain spaces, commas, or characters invalid in DNS names
+  const hostnameValidator =
+    /^[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?)*$/v;
+  return hostnameValidator.test(name.trim());
+}
+
 // set bootstrap-select defaults
 function setBsSelectDefaults() {
   const bsSelectDefaults = $.fn.selectpicker.Constructor.DEFAULTS;
@@ -728,11 +747,13 @@ globalThis.utils = (function () {
     validateIPv4,
     validateIPv6CIDR,
     validateIPv6,
+    validateIPv6Brackets,
     setBsSelectDefaults,
     stateSaveCallback,
     stateLoadCallback,
     validateMAC,
     validateHostname,
+    validateHostnameStrict,
     addFromQueryLog,
     addTD,
     toPercent,
