devshort

private self-hosted shortlink service
git clone https://git.clttr.info/devshort.git

commit f8fc4ea53a0e0e388ca8dcb7b05886ea7bfdf9a6
parent 5932ccaf3f4e8a383739e1ec1e917e20063976fc
Author: Florian Kaldowski <flokX@users.noreply.github.com>
Date:   Tue,  2 Apr 2019 16:39:12 +0200

Filter names and urls I (see #6)
Diffstat:
Madmin/index.php | 10++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/admin/index.php b/admin/index.php @@ -10,13 +10,18 @@ $stats_content = json_decode(file_get_contents($stats_path), true); // API functions to delete and add the shortlinks via the admin panel if (isset($_GET["delete"]) || isset($_GET["add"])) { $name = htmlspecialchars($_POST["name"]); - $link = htmlspecialchars($_POST["link"]); + $url = htmlspecialchars($_POST["link"]); if (isset($_GET["delete"])) { unset($config_content["shortlinks"][$name]); unset($stats_content[$name]); } else if (isset($_GET["add"])) { - $config_content["shortlinks"][$name] = $link; + if (!filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED)) { + echo "{\"status\": \"unvalid-url\"}"; + exit; + } + $name = str_replace(" ", "-", $name); + $config_content["shortlinks"][$name] = $url; $stats_content[$name] = array(); } @@ -86,6 +91,7 @@ if ($config_content["settings"]["custom_links"]) { <label class="sr-only" for="link">Link (destination)</label> <input type="text" class="form-control mb-2 mr-sm-2" id="link" placeholder="https://example.com"> <button type="submit" id="add-shortlink" class="btn btn-primary mb-2">Add</button> + <div id="status"></div> </form> </div> </div>
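Review bot: The `filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED)` check in the add branch accepts any syntactically valid scheme, not only web ones, so a shortlink can still be stored with a destination the redirect or the admin page should never emit; I would allow-list the scheme first, e.g. `$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));` followed by `if (!in_array($scheme, ["http", "https"], true) || !filter_var($url, FILTER_VALIDATE_URL)) {`. `FILTER_FLAG_HOST_REQUIRED` is implied by `FILTER_VALIDATE_URL`, deprecated since PHP 7.3 and removed in PHP 8.0, so dropping it also avoids a deprecation notice landing in front of the JSON body. Separately, `$url = htmlspecialchars($_POST["link"])` encodes before validating and storing, which turns `&` in a query string into `&amp;` and changes the saved destination; validate and store the raw value and escape at the point of output instead. The delete branch still uses the un-normalised `$name`, so whether it matches a key saved after `str_replace(" ", "-", $name)` depends on what the client sends, and the enclosing `if` block continues past the end of the hunk.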