
Security issue : Max lengths are not verified #22


Description

@yvisherve

Hi.

If someone hosts this tool as a public service it will be unsafe for them, given that the URL and custom text lengths input by the user are not verified.

According to the table's structure:

  • URL's length should not exceed 1000

  • custom text's length should not exceed 20 characters.


```php
// Handler as posted: neither $_POST['custom'] nor $_POST['url'] is checked
// against the column widths before being handed to the database layer.
$errors       = false;   // initialised so the checks below do not read undefined variables
$insertCustom = false;

if (($_POST['onoffswitch'] == 'on') && (isset($_POST['custom']))) {
    $customCode = $_POST['custom'];   // no length limit applied (column is varchar(20))

    if (!$urlShortener->checkUrlExistInDatabase($customCode)) {
        $insertCustom = true;
    }

    else {
        $errors            = true;
        $_SESSION['error'] = 'The custom URL <a href="' . BASE_URL . $_POST['custom'] . '">' . BASE_URL . $_POST['custom'] . "</a> already exists";
    }
}
if (isset($_POST['url']) && !$errors) {
    $orignalURL = $_POST['url'];      // no length limit applied (column is varchar(1000))

    if (!$insertCustom) {
        if ($uniqueCode = $urlShortener->validateUrlAndReturnCode($orignalURL)) {
            $_SESSION['success'] = $urlShortener->generateLinkForShortURL($uniqueCode);
        }

        else {
            $_SESSION['error'] = "There was a problem. Invalid URL, perhaps?";
        }
    }

    else {
        if ($urlShortener->returnCustomCode($orignalURL, $customCode)) {
            $_SESSION['success'] = $urlShortener->generateLinkForShortURL($customCode);
        }

        else {
            header("Location: ../index.php?error=inurl");
            die();
        }
    }
}
```

```sql
-- Table definition the limits come from: `url` holds at most 1000 characters,
-- `code` at most 20.
CREATE TABLE IF NOT EXISTS `link` (
  `id` int(11) NOT NULL,
  `url` varchar(1000) DEFAULT NULL,
  `code` varchar(20) DEFAULT NULL,
  `created` timestamp NULL DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
```
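The following is an added example of the missing check, not code from this repository or from the issue author. It assumes the same `$_POST` fields the handler above reads (`url`, `onoffswitch`, `custom`) and the column widths from the `link` table; the function name `validateShortenerInput`, the constants and the sample inputs are made up for illustration. Without such a check, MySQL in strict mode rejects an over-long value with a "Data too long" error (which the handler above does not catch), and in non-strict mode silently truncates it, so a custom code longer than 20 characters could be stored as a different code than the one `checkUrlExistInDatabase()` was asked about.

```php
<?php
// Added example (not part of the project): validate POST input against the
// `link` table's column widths before any database call is made.
declare(strict_types=1);

const MAX_URL_LEN  = 1000;  // `url`  varchar(1000)
const MAX_CODE_LEN = 20;    // `code` varchar(20)

/**
 * Returns ['ok' => bool, 'url' => string, 'custom' => ?string, 'errors' => string[]].
 * strlen() counts bytes; the table is latin1, so bytes equal characters here.
 * For a utf8mb4 column, compare mb_strlen() against the column width instead.
 */
function validateShortenerInput(array $post): array
{
    $errors = [];

    $url = isset($post['url']) ? trim((string) $post['url']) : '';
    if ($url === '') {
        $errors[] = 'URL is required';
    } elseif (strlen($url) > MAX_URL_LEN) {
        $errors[] = 'URL exceeds ' . MAX_URL_LEN . ' characters';
    } elseif (filter_var($url, FILTER_VALIDATE_URL) === false) {
        $errors[] = 'URL is not well-formed';
    }

    $customCode = null;
    if (($post['onoffswitch'] ?? '') === 'on' && isset($post['custom'])) {
        $customCode = (string) $post['custom'];
        if ($customCode === '') {
            $errors[] = 'custom code is empty';
        } elseif (strlen($customCode) > MAX_CODE_LEN) {
            $errors[] = 'custom code exceeds ' . MAX_CODE_LEN . ' characters';
        } elseif (!preg_match('/^[A-Za-z0-9_-]+$/', $customCode)) {
            // Restricting the alphabet keeps the code safe to use as a URL path segment.
            $errors[] = 'custom code may only contain letters, digits, "-" and "_"';
        }
    }

    return [
        'ok'     => $errors === [],
        'url'    => $url,
        'custom' => $customCode,
        'errors' => $errors,
    ];
}

// Constructed sample requests: one valid, one URL over 1000 characters,
// one custom code over 20 characters, one custom code with disallowed characters.
$cases = [
    ['url' => 'https://example.com/page', 'onoffswitch' => 'on', 'custom' => 'my-link'],
    ['url' => 'https://example.com/' . str_repeat('a', 1000), 'onoffswitch' => 'off'],
    ['url' => 'https://example.com/', 'onoffswitch' => 'on', 'custom' => str_repeat('x', 21)],
    ['url' => 'https://example.com/', 'onoffswitch' => 'on', 'custom' => '<script>'],
];

foreach ($cases as $i => $case) {
    $result = validateShortenerInput($case);
    printf(
        "case %d: %s%s\n",
        $i,
        $result['ok'] ? 'accepted' : 'rejected',
        $result['ok'] ? '' : ' (' . implode('; ', $result['errors']) . ')'
    );
}
```

Call `validateShortenerInput($_POST)` at the top of the handler and only proceed to `checkUrlExistInDatabase()` / `validateUrlAndReturnCode()` when `ok` is true; the length limits live next to the column widths they mirror so the two cannot drift apart unnoticed.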
