mirror of
https://github.com/gamaio/UnPS-Short.git
synced 2024-11-14 12:57:26 +00:00
Remove foreach loop and fix multiple id vulnerability
I found that right after committing the last commit, the last id entered would be the one finally redirected to. This also slowed page load time. By grabbing only the very first key of $_GET and throwing away the rest, the script will only look at the first string after the '?'. The links need to be changed to reflect these changes (otherwise it will try to redirect to 'l' every time instead of the id).
parent
b62f922cb1
commit
63a2724f86
17
index.php
17
index.php
@ -28,15 +28,14 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
if(!empty($_GET)){
|
if(!empty($_GET)){
|
||||||
foreach($_GET as $key=>$value){
|
$key = key($_GET);
|
||||||
include('api/dbsettings.php');
|
include('api/dbsettings.php');
|
||||||
$link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($key))));
|
$link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($key))));
|
||||||
$sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;";
|
$sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;";
|
||||||
if($result = $shortdb->query($sql)){
|
if($result = $shortdb->query($sql)){
|
||||||
if($row = $result->fetch_assoc()){
|
if($row = $result->fetch_assoc()){
|
||||||
$link = $row['link'];
|
$link = $row['link'];
|
||||||
header("location:$link");
|
header("location:$link");
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
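Review bot: Nothing stops the script after `header("location:$link")`, so the rest of index.php keeps executing and emitting output once the redirect has been sent; an `exit;` belongs directly after it. The lookup also still interpolates `$link` into the SQL string, which makes its safety depend on `real_escape_string` and the connection charset being configured correctly; a bound parameter removes that dependency (assuming `$shortdb` is a mysqli connection, as the method names suggest). The stored target is passed to the client unchecked, so a bad row in `links` can send visitors to a non-http(s) scheme; the sketch below restricts it, assuming stored links are absolute URLs. The key normalisation is kept as in the commit so existing short links still match.

```php
if(!empty($_GET)){
    // … unchanged: include of api/dbsettings.php …
    $key = strtolower(stripslashes(strip_tags((string) key($_GET))));
    $stmt = $shortdb->prepare('SELECT `link` FROM `links` WHERE `shortlink` = ? LIMIT 1');
    if($stmt){
        $stmt->bind_param('s', $key);
        $stmt->execute();
        $stmt->bind_result($target);
        // Only redirect to absolute http(s) targets.
        if($stmt->fetch() && preg_match('#^https?://#i', $target)){
            header('Location: ' . $target);
            exit; // stop here so the page body is not rendered after the redirect
        }
        $stmt->close();
    }
}
```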