Ejemplo n.º 1
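// Resolve the keyword and the aggregate flag for the stats page.
// The loader normally supplies both through its regex captures in $matches;
// the GET parameters are the legacy fallback (old behavior of yourls-infos.php).
//
// The previous version assigned $keyword and $aggregate unconditionally and
// then tested them with !isset(), so the GET fallbacks and the "no keyword"
// redirect could never run. An empty value is now treated as "not supplied".
$keyword = isset($matches[1]) ? $matches[1] : '';
if ($keyword === '' && isset($_GET['id']) && is_string($_GET['id'])) {
    $keyword = $_GET['id'];
}
// Sanitize after the fallback so that both input paths get the same treatment
// before the value reaches any ownership check or lookup.
$keyword = yourls_sanitize_keyword($keyword);

if (isset($matches[2])) {
    $aggregate = (bool) $matches[2] && yourls_allow_duplicate_longurls();
} else {
    // Strict string comparison: request values arrive as strings, and a loose
    // "== 1" would also accept inputs such as "1abc" on older PHP versions.
    $aggregate = isset($_GET['all']) && $_GET['all'] === '1' && yourls_allow_duplicate_longurls();
}

if ((string) $keyword === '') {
    yourls_do_action('infos_no_keyword');
    yourls_redirect(YOURLS_SITE, 302);
    // Do not depend on yourls_redirect() ending the request: nothing below
    // should run without a keyword.
    exit;
}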
// Stats page access control for a multi-user setup. This fragment is cut off:
// the outer `if` opened below is not closed within the visible lines.
//
// NOTE(review): $_SESSION["user"] is read without an isset() guard, so an
// unauthenticated request reaches verifyUrlOwner() with an empty user id.
$user = $_SESSION["user"];
// `&&` binds tighter than `||`, so this reads as:
//   (caller owns the keyword AND protection is on) OR protection is off.
// verifyUrlOwner() is evaluated first in both modes.
if (verifyUrlOwner($keyword, $user["id"]) && YOURLS_MULTIUSER_PROTECTED === true || YOURLS_MULTIUSER_PROTECTED === false) {
    // Get basic infos for this shortened URL
    // NOTE(review): the keyword is sanitized again *after* the ownership
    // check. If yourls_sanitize_string() changes the value, the lookups below
    // act on a different keyword than the one that was authorized; sanitize
    // once, before the check, and reuse that value.
    $keyword = yourls_sanitize_string($keyword);
    $longurl = yourls_get_keyword_longurl($keyword);
    $clicks = yourls_get_keyword_clicks($keyword);
    $timestamp = yourls_get_keyword_timestamp($keyword);
    $title = yourls_get_keyword_title($keyword);
    // Update title if it hasn't been stored yet
    // NOTE(review): this runs before the `$longurl === false` test below, so
    // an unknown keyword still calls yourls_get_remote_title(false) and writes
    // a title. The not-found check belongs above this block.
    // NOTE(review): yourls_get_remote_title() presumably fetches the stored
    // long URL from the server side; since that URL is user-supplied, confirm
    // the fetch cannot be pointed at internal addresses.
    if ($title == '') {
        $title = yourls_get_remote_title($longurl);
        yourls_edit_link_title($keyword, $title);
    }
    // Unknown keyword: fire the hook and send the visitor to the site root.
    // No exit follows in the visible lines; whether execution stops here
    // depends on yourls_redirect() — confirm.
    if ($longurl === false) {
        yourls_do_action('infos_keyword_not_found');
        yourls_redirect(YOURLS_SITE, 302);
    }
Ejemplo n.º 2
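    case 'edit_save':
        // CSRF check. NOTE(review): the nonce action is built from the
        // request's 'id' value, while the edit below acts on 'keyword';
        // confirm the two always identify the same link.
        yourls_verify_nonce('edit-save_' . $_REQUEST['id'], $_REQUEST['nonce'], false, 'omg error');
        $user = $_SESSION["user"];
        // Sanitize once and use the same value for the ownership check and for
        // the edit. The previous version authorized the sanitized keyword but
        // passed the raw request value to yourls_edit_link().
        $keyword = yourls_sanitize_keyword($_REQUEST['keyword']);
        if (verifyUrlOwner($keyword, $user["id"])) {
            $return = yourls_edit_link($_REQUEST['url'], $keyword, $_REQUEST['newkeyword'], $_REQUEST['title']);
            echo json_encode($return);
        } else {
            // TODO: SHOW ERROR!
            // Request data is HTML-escaped before being echoed back; the
            // previous version printed $_REQUEST['keyword'] verbatim.
            die('THE ' . htmlspecialchars((string) $keyword, ENT_QUOTES, 'UTF-8')
                . ' url does not seems to be from '
                . htmlspecialchars((string) $user["id"], ENT_QUOTES, 'UTF-8'));
        }
        break;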
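    case 'delete':
        // CSRF check. NOTE(review): the nonce action is built from the
        // request's 'id' value, while the deletion below acts on 'keyword';
        // confirm the two always identify the same link.
        yourls_verify_nonce('delete-link_' . $_REQUEST['id'], $_REQUEST['nonce'], false, 'omg error');
        $user = $_SESSION["user"];
        // Authorize and delete the same sanitized value. The previous version
        // checked ownership of the sanitized keyword but deleted by the raw
        // request value.
        $keyword = yourls_sanitize_keyword($_REQUEST['keyword']);
        if (verifyUrlOwner($keyword, $user["id"])) {
            $query = yourls_delete_link_by_keyword($keyword);
            echo json_encode(array('success' => $query));
        } else {
            // TODO: SHOW ERROR!
            // Ownership check failed: end the request without output.
            die;
        }
        break;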
    // Tail of the AJAX action switch; the `switch` header and the assignment
    // of $action are outside the visible fragment.
    case 'logout':
        // unused for the moment
        // NOTE(review): unlike the 'edit_save' and 'delete' cases, no
        // yourls_verify_nonce() call guards this action; add one before the
        // case is put to use.
        yourls_logout();
        break;
    default:
        // Any other action is handed to a hook whose name is built from
        // $action. No nonce or ownership check happens here, so handlers
        // attached to 'yourls_ajax_*' must perform their own.
        yourls_do_action('yourls_ajax_' . $action);
}
// Every AJAX request ends here so nothing else is appended to the response.
die;
Ejemplo n.º 3
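/**
 * Gate an API request according to the multi-user settings.
 *
 * Returns without output when the request may proceed: the caller is a valid
 * (admin) user, the action is "expand", stats are public because
 * YOURLS_MULTIUSER_PROTECTED is false, or a "shorturl" request is anonymous
 * (when allowed) or carries a token that resolves to a user. In every other
 * case the function writes a response through yourls_api_output() and ends
 * the request.
 *
 * @param array $args Hook arguments; $args[0] is the requested API action.
 * @return void
 */
function trapApi($args)
{
    // A missing or non-string action is treated as unknown, so it can never
    // match a case below through loose comparison.
    $action = (isset($args[0]) && is_string($args[0])) ? $args[0] : '';
    $admin = yourls_is_valid_user();
    // Uses this name but REFERS to ADMIN!
    if ($admin === true || $action === 'expand') {
        return;
    }
    // The constant was previously misspelled (YOURLS_MULTUSER_PROTECTED): an
    // undefined constant never equals false on older PHP and raises an Error
    // on PHP 8, so this branch could not work as written.
    if (YOURLS_MULTIUSER_PROTECTED === false && in_array($action, array('stats', 'db-stats', 'url-stats'), true)) {
        return;
    }
    switch ($action) {
        case 'shorturl':
            if (YOURLS_MULTIUSER_ANONYMOUS === true) {
                return;
            }
            // Resolve the caller from the request token, then from the session.
            $token = isset($_REQUEST['token']) ? yourls_sanitize_string($_REQUEST['token']) : '';
            $user = getUserIdByToken($token);
            if ($user == false) {
                // Guarded so a request without a session does not read an
                // offset of an undefined value.
                $user = isset($_SESSION["user"]["token"]) ? getUserIdByToken($_SESSION["user"]["token"]) : false;
            }
            if ($user == false) {
                $return = array('simple' => 'You can\'t be anonymous', 'message' => 'You can\'t be anonymous', 'errorCode' => 403);
            } else {
                return;
            }
            break;
        // Stats for a shorturl
        case 'url-stats':
            $token = isset($_REQUEST['token']) ? yourls_sanitize_string($_REQUEST['token']) : '';
            $user = getUserIdByToken($token);
            if ($user == false) {
                $user = isset($_SESSION["user"]["token"]) ? getUserIdByToken($_SESSION["user"]["token"]) : false;
            }
            // Same 403 body for "no such user" and "not the owner", so the
            // response does not reveal which check failed.
            $denied = array('simple' => 'Invalid username or password', 'message' => 'Invalid username or password', 'errorCode' => 403);
            if ($user == false) {
                $return = $denied;
            } else {
                $shorturl = (isset($_REQUEST['shorturl']) && is_string($_REQUEST['shorturl'])) ? $_REQUEST['shorturl'] : '';
                // The ownership check previously received $keyword, which is
                // never defined in this function. Derive it from the requested
                // short URL instead.
                // NOTE(review): stripping YOURLS_SITE mirrors how
                // yourls_api_url_stats() is understood to obtain the keyword —
                // confirm against that function.
                $keyword = yourls_sanitize_keyword(str_replace(YOURLS_SITE . '/', '', $shorturl));
                if (verifyUrlOwner($keyword, $user)) {
                    $return = yourls_api_url_stats($shorturl);
                } else {
                    $return = $denied;
                }
            }
            break;
        default:
            $return = array('errorCode' => 400, 'message' => 'Unknown or missing or forbidden "action" parameter', 'simple' => 'Unknown or missing or forbidden "action" parameter');
    }
    // Reaching this point means the request is answered here, not by core.
    $format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml';
    yourls_api_output($format, $return);
    die;
}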