From 63a2724f8603d418a2305478d116228f71b330c0 Mon Sep 17 00:00:00 2001 From: Arctic Code Date: Wed, 29 Jan 2014 01:41:05 -0600 Subject: [PATCH] Remove foreach loop and fix multiple id vulnerability I found that right after committing the last commit, the last id entered would be the one finally redirected to. This also slowed page load time. By grabbing only the very first key of $_GET and throwing away the rest, the script will only look at the first string after the '?' Need to change links to reflect these changes (or it will try to redirect to 'l' everytime instead of the id) --- index.php | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/index.php b/index.php index d74135c..ddafe1d 100644 --- a/index.php +++ b/index.php @@ -28,15 +28,14 @@ */ if(!empty($_GET)){ - foreach($_GET as $key=>$value){ - include('api/dbsettings.php'); - $link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($key)))); - $sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;"; - if($result = $shortdb->query($sql)){ - if($row = $result->fetch_assoc()){ - $link = $row['link']; - header("location:$link"); - } + $key = key($_GET); + include('api/dbsettings.php'); + $link = $shortdb->real_escape_string(strtolower(stripslashes(strip_tags($key)))); + $sql = "SELECT * FROM `links` WHERE `shortlink` = '$link' LIMIT 1;"; + if($result = $shortdb->query($sql)){ + if($row = $result->fetch_assoc()){ + $link = $row['link']; + header("location:$link"); } } }