From f53b3bd04e46cde9617d9fd9aa2ce63b2b70887f Mon Sep 17 00:00:00 2001
From: allan
Date: Mon, 3 Nov 2025 09:37:46 +0100
Subject: [PATCH] extended input validation

---
 wordpressinstall | 49 +++++++++++++++++++++++++++++++++++-------------
 1 file changed, 36 insertions(+), 13 deletions(-)

diff --git a/wordpressinstall b/wordpressinstall
index 0074102..9e98dd3 100755
--- a/wordpressinstall
+++ b/wordpressinstall
@@ -65,17 +65,6 @@ usage() {
 printf -- " -h | -help | --help Show this help screen\n\n"
 }
 
-#
-# Function inputcheck
-#
-inputcheck () {
- [[ -z "$hostname" ]] && { usage; echo ""; echo "Error! Hostname empty."; echo ""; exit 1; }
- [[ "$hostname" =~ [[:space:]/] ]] && { echo "ERROR: DOMAIN INVALID (no spaces or slashes allowed)"; exit 1; }
- [[ -z "$dbname" ]] && { usage; echo ""; echo "Error! Database name empty."; echo ""; exit 1; }
- [[ -z "$dbuser" ]] && { usage; echo ""; echo "Error! Database user empty."; echo ""; exit 1; }
- [[ -z "$dbpass" ]] && { usage; echo ""; echo "Error! Database password empty."; echo ""; exit 1; }
-}
-
 #
 # Let's go
 #
@@ -109,9 +98,43 @@ while getopts ":n:d:u:p:m:a:h" option; do
 done
 
 #
-# Check if input conditions are met
+# Parse and validate input
 #
-inputcheck "$hostname" "$dbname" "$dbuser" "$dbpass"
+if [[ -z "$hostname" || -z "$dbname" || -z "$dbuser" || -z "$dbpass" ]]; then
+ usage
+ printf "\nERROR: Missing required arguments.\n"
+ printf "Hostname (-n), Database name (-d), User (-u), and Password (-p) are mandatory.\n\n"
+ exit 1
+fi
+
+# Convert to lowercase (domains are case-insensitive)
+hostname=$(echo "$hostname" | tr '[:upper:]' '[:lower:]')
+
+# Disallow leading hyphen
+if [[ "$hostname" =~ ^- ]]; then
+ printf "\nERROR: Domain cannot start with a hyphen.\n"
+ printf "Example of valid input: wp.example.com\n\n"
+ exit 1
+fi
+
+# Disallow spaces, slashes, underscores
+if [[ "$hostname" =~ [[:space:]/_] ]]; then
+ printf "\nERROR: Domain cannot contain spaces, slashes, or underscores.\n\n"
+ exit 1
+fi
+
+# Validate domain format (RFC 1123)
+if [[ ! "$hostname" =~ ^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$ ]]; then
+ printf "\nERROR: Invalid domain format.\n"
+ printf "Example of valid input: wp.example.com\n\n"
+ exit 1
+fi
+
+# Check for spaces in DB credentials
+if [[ "$dbname" =~ [[:space:]] || "$dbuser" =~ [[:space:]] || "$dbpass" =~ [[:space:]] ]]; then
+ printf "\nERROR: Database name, user, and password cannot contain spaces.\n\n"
+ exit 1
+fi
 
 #
 # Download, install, and configure the latest WordPress version
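Review bot: The last check in this hunk rejects only whitespace in `$dbname`, `$dbuser` and `$dbpass`, so quotes, backticks, semicolons and `$` still pass, while the hostname is held to a strict allow-list. The statements that consume these values are outside the hunk; if they are interpolated into SQL or into a substitution that writes wp-config.php, whitespace filtering alone does not prevent injection. An allow-list for the two identifiers would match the hostname handling, e.g. `if [[ ! "$dbname" =~ ^[A-Za-z0-9_]+$ || ! "$dbuser" =~ ^[A-Za-z0-9_]+$ ]]; then`, with the password escaped at the point of use rather than filtered here. Separately, the `# Validate domain format (RFC 1123)` comment overstates the regex: it does not enforce the 63-character label limit and rejects punycode labels beginning with `xn--`, so the comment should say which subset of hostnames is accepted.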