From 67eea8c1acc3b5b67a26e52e1b86410a8cc13e2e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Wed, 19 Aug 2020 16:16:19 +0200
Subject: [PATCH] Prevent adding *.woltlab.com update servers

---
 .../files/lib/acp/form/PackageUpdateServerAddForm.class.php  | 5 +++++
 wcfsetup/install/lang/de.xml                                 | 1 +
 wcfsetup/install/lang/en.xml                                 | 1 +
 3 files changed, 7 insertions(+)
diff --git a/wcfsetup/install/files/lib/acp/form/PackageUpdateServerAddForm.class.php b/wcfsetup/install/files/lib/acp/form/PackageUpdateServerAddForm.class.php
index 932d8ce09b..3ba6f325e0 100755
--- a/wcfsetup/install/files/lib/acp/form/PackageUpdateServerAddForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/PackageUpdateServerAddForm.class.php
@@ -9,6 +9,7 @@ use wcf\system\request\LinkHandler;
 use wcf\system\WCF;
 use wcf\system\WCFACP;
 use wcf\util\StringUtil;
+use wcf\util\Url;
 
 /**
  * Shows the server add form.
@@ -79,6 +80,10 @@ class PackageUpdateServerAddForm extends AbstractForm {
 			throw new UserInputException('serverURL', 'invalid');
 		}
 		
+		if (preg_match('/^.*\.woltlab.com$/', Url::parse($this->serverURL)['host'])) {
+			throw new UserInputException('serverURL', 'woltlab');
+		}
+		
 		if (($duplicate = $this->findDuplicateServer())) {
 			throw new UserInputException('serverURL', [
 				'duplicate' => $duplicate,
diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml
index 79a862faf3..33d146ad06 100644
--- a/wcfsetup/install/lang/de.xml
+++ b/wcfsetup/install/lang/de.xml
@@ -2783,6 +2783,7 @@ Kein Abschnitt darf leer sein und alle Abschnitten dÃ¼rfen nur folgende Zeichen
 		<item name="wcf.acp.updateServer.packages"><![CDATA[Pakete]]></item>
 		<item name="wcf.acp.updateServer.serverURL"><![CDATA[Adresse]]></item>
 		<item name="wcf.acp.updateServer.serverURL.error.invalid"><![CDATA[Die eingetragene Adresse ist ungÃ¼ltig.]]></item>
+		<item name="wcf.acp.updateServer.serverURL.error.woltlab"><![CDATA[Die offiziellen Paketserver sind bereits hinterlegt und korrekt konfiguriert.]]></item>
 		<item name="wcf.acp.updateServer.serverURL.error.duplicate"><![CDATA[Dieser Paketserver ist bereits hinterlegt. {if LANGUAGE_USE_INFORMAL_VARIANT}Du kannst{else}Sie kÃ¶nnen{/if} <a href="{link controller="PackageUpdateServerEdit" id=$errorType[duplicate]->packageUpdateServerID}{/link}"><strong>den bestehenden Paketserver bearbeiten</strong></a>.]]></item>
 		<item name="wcf.acp.updateServer.status"><![CDATA[Status]]></item>
 		<item name="wcf.acp.updateServer.lastUpdateTime"><![CDATA[Letzter Zugriff]]></item>
diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml
index ed5600a9ff..9499a85669 100644
--- a/wcfsetup/install/lang/en.xml
+++ b/wcfsetup/install/lang/en.xml
@@ -2710,6 +2710,7 @@ If you have <strong>already bought the licenses for the listed apps</strong>, th
 		<item name="wcf.acp.updateServer.packages"><![CDATA[Packages]]></item>
 		<item name="wcf.acp.updateServer.serverURL"><![CDATA[Address]]></item>
 		<item name="wcf.acp.updateServer.serverURL.error.invalid"><![CDATA[The address is invalid.]]></item>
+		<item name="wcf.acp.updateServer.serverURL.error.woltlab"><![CDATA[The official servers are already stored and correctly configured.]]></item>
 		<item name="wcf.acp.updateServer.serverURL.error.duplicate"><![CDATA[The given server is already configured. You can <a href="{link controller="PackageUpdateServerEdit" id=$errorType[duplicate]->packageUpdateServerID}{/link}"><strong>edit the existing server</strong></a>.]]></item>
 		<item name="wcf.acp.updateServer.status"><![CDATA[Status]]></item>
 		<item name="wcf.acp.updateServer.lastUpdateTime"><![CDATA[Last Access]]></item>
-- 
2.20.1

