devshort

Unnamed repository; edit this file 'description' to name the repository.
git clone git://code.clttr.info/devshort.git
Log | Files | Refs | README | LICENSE

commit 9adef2f66f3e11567e1d4ae62a856ef01170d6eb
parent 45bf14027e5826db4fcf0a2d5b08d55169925450
Author: Florian Kaldowski <flokX@users.noreply.github.com>
Date:   Wed, 10 Apr 2019 13:43:14 +0200

Filtering of new entrys (see #6)
Diffstat:
Madmin/index.php | 17+++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/admin/index.php b/admin/index.php @@ -7,6 +7,14 @@ $config_content = json_decode(file_get_contents($config_path), true); $stats_path = __DIR__ . DIRECTORY_SEPARATOR . "stats.json"; $stats_content = json_decode(file_get_contents($stats_path), true); +// Filter the names that the admin interface doesn't break +function filter_name($nameRaw) { + $name = filter_var($nameRaw, FILTER_SANITIZE_STRING); + $name = str_replace(" ", "-", $name); + $name = preg_replace("/[^A-Za-z0-9-_]/", "", $name); + return $name; +} + // API functions to delete and add the shortlinks via the admin panel if (isset($_GET["delete"]) || isset($_GET["add"])) { $data = json_decode(file_get_contents("php://input"), true); @@ -14,13 +22,14 @@ if (isset($_GET["delete"]) || isset($_GET["add"])) { unset($config_content["shortlinks"][$data["name"]]); unset($stats_content[$data["name"]]); } else if (isset($_GET["add"])) { - if (!filter_var($data["url"], FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED)) { + $filtered = array("name" => filter_name($data["name"]), + "url" => filter_var($data["url"], FILTER_SANITIZE_URL)); + if (!filter_var($filtered["url"], FILTER_VALIDATE_URL, FILTER_FLAG_HOST_REQUIRED)) { echo "{\"status\": \"unvalid-url\"}"; exit; } - $name = str_replace(" ", "-", $data["name"]); - $config_content["shortlinks"][$data["name"]] = $data["url"]; - $stats_content[$data["name"]] = array(); + $config_content["shortlinks"][$filtered["name"]] = $filtered["url"]; + $stats_content[$filtered["name"]] = array(); } file_put_contents($config_path, json_encode($config_content, JSON_PRETTY_PRINT)); file_put_contents($stats_path, json_encode($stats_content, JSON_PRETTY_PRINT));