Remove foreach loop and fix multiple id vulnerability

I found that right after committing the last commit, the last id
entered would be the one finally redirected to. This also slowed
page load time. By grabbing only the very first key of $_GET and
throwing away the rest, the script will only look at the first
string after the '?'

Need to change links to reflect these changes (or it will try to
redirect to 'l' every time instead of the id)

This commit is contained in:
Arctic Code 2014-01-29 01:41:05 -06:00
parent b62f922cb1
commit 63a2724f86

@ -28,15 +28,14 @@
*/ */
if(!empty($_GET)){ if(!empty($_GET)){
foreach($_GET as $key=>$value){ $key = key($_GET);
include('api/dbsettings.php'); include('api/dbsettings.php');
$link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($key)))); $link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($key))));
$sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;"; $sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;";
if($result = $shortdb->query($sql)){ if($result = $shortdb->query($sql)){
if($row = $result->fetch_assoc()){ if($row = $result->fetch_assoc()){
$link = $row['link']; $link = $row['link'];
header("location:$link"); header("location:$link");
}
} }
} }
} }
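
Review bot: header("location:$link"); near the end of the hunk is not followed by exit;, so the script keeps executing and emitting the rest of the page after the redirect header is queued; add exit; immediately after the header() call. On the new `$key = key($_GET);` line, note that PHP rewrites dots and spaces in query parameter names to underscores, so a short id containing either character will never match its `shortlink` row; reading $_SERVER['QUERY_STRING'] directly would avoid that. The query is still built by interpolating $link into the SQL string; a prepared statement with a bound parameter would replace the strip_tags/stripslashes/real_escape_string chain and remove the dependence on escaping. $row['link'] also goes into the Location header exactly as stored, so it is worth checking that it is an http or https URL before redirecting.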