olie122333 Posted September 11, 2011 Share Posted September 11, 2011 Hi I have just created a URL shortening service. See the service here: dl.tl. Please test the service and tell me if you find a bug/way to hack it? Files that may be of particular interest are some of the ones that the AJAX uses - dl.tl/shorten.php?URL= and dl.tl/lengthen.php?short= Thanks Proof of ownership: dl.tl/phpfreaks.txt Link to comment Share on other sites More sharing options...
doddsey_65 Posted September 16, 2011 Share Posted September 16, 2011 When entering the same url multiple times I get a different short link for each one. Maybe have some sort of check to see if the url exists in your records, then throw its short url rather than creating a new one Link to comment Share on other sites More sharing options...
Coreye Posted September 18, 2011 Share Posted September 18, 2011 Full Path Disclosure: http://dl.tl/shorten.php?URL[] Warning: preg_match() expects parameter 2 to be string, array given in /var/www/html/dl.tl/includes/shorten.php on line 10 Full Path Disclosure: http://dl.tl/lengthen.php?short[] Notice: Array to string conversion in /var/www/html/dl.tl/includes/lengthen.php on line 16 Link to comment Share on other sites More sharing options...
plznty Posted September 24, 2011 Share Posted September 24, 2011 When entering the same url multiple times I get a different short link for each one. Maybe have some sort of check to see if the url exists in your records, then throw its short url rather than creating a new one I agree with this, also use A-Z a-z 0-9 and '-'s to create more permutations. Link to comment Share on other sites More sharing options...
olie122333 Posted September 26, 2011 Author Share Posted September 26, 2011 The reason that I plan to add some analytics at some point, and so sharing URLs will make this somewhat more difficult. The string generation is a rand() number, md5'ed and then trimmed. I will change this to use the full alphabet, all numbers and hyphens. I will also fix the errors when you access the AJAX URLs directly without a parameter. Link to comment Share on other sites More sharing options...
requinix Posted September 26, 2011 Share Posted September 26, 2011 I will also fix the errors when you access the AJAX URLs directly without a parameter. Coreye was getting at a different point: forcing arrays instead of strings. The [] turn the arguments into arrays, and if you try to use the values with string functions then PHP will complain. Link to comment Share on other sites More sharing options...
Recommended Posts