Test my URL shortener please

[olie122333]

Hi

 

I have just created a URL shortening service. See the service here: dl.tl.

 

Please test the service and tell me if you find a bug/way to hack it?

 

Files that may be of particular interest are some of the ones that the AJAX uses - dl.tl/shorten.php?URL= and dl.tl/lengthen.php?short=

 

Thanks

 

 

Proof of ownership: dl.tl/phpfreaks.txt

[doddsey_65]

When entering the same url multiple times I get a different short link for each one. Maybe have some sort of check to see if the url exists in your records, then throw its short url rather than creating a new one

[Coreye]

Full Path Disclosure:

http://dl.tl/shorten.php?URL[]

Warning: preg_match() expects parameter 2 to be string, array given in /var/www/html/dl.tl/includes/shorten.php on line 10

 

Full Path Disclosure:

http://dl.tl/lengthen.php?short[]

Notice: Array to string conversion in /var/www/html/dl.tl/includes/lengthen.php on line 16

[plznty]

When entering the same url multiple times I get a different short link for each one. Maybe have some sort of check to see if the url exists in your records, then throw its short url rather than creating a new one

I agree with this, also use A-Z a-z 0-9 and '-'s to create more permutations.

[olie122333]

The reason that I plan to add some analytics at some point, and so sharing URLs will make this somewhat more difficult.

 

The string generation is a rand() number, md5'ed and then trimmed. I will change this to use the full alphabet, all numbers and hyphens.

 

I will also fix the errors when you access the AJAX URLs directly without a parameter.

[requinix]

I will also fix the errors when you access the AJAX URLs directly without a parameter.

Coreye was getting at a different point: forcing arrays instead of strings. The [] turn the arguments into arrays, and if you try to use the values with string functions then PHP will complain.