Example #1
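/**
 * YOURLS filter callback: let a URL through only when its host is on the allowlist.
 *
 * Reads the global $allowed_domains, a list of entries that each carry either
 *   'regexp' => a PCRE pattern matched against the host, or
 *   'domain' => a domain name; the host must be that domain or one of its subdomains.
 *
 * @param mixed  $success Value handed in by the filter; returned unchanged when the host is allowed.
 * @param string $url     URL as submitted, not yet escaped by the caller.
 * @param string $keyword Unused here; part of the filter signature.
 * @param string $title   Unused here; part of the filter signature.
 *
 * @return mixed $success when the host is allowed, otherwise a failure array with the keys
 *               'status', 'code', 'message' and 'errorCode'.
 */
function svenk_check_whitelisted_domain($success, $url, $keyword, $title)
{
    /* This filter works like this: return $success if everything is fine,
       return something else or die if not.
       Unfortunately the filter is called *before* the URL is escaped properly,
       so we have to do this twice (https://github.com/YOURLS/YOURLS/blob/master/includes/functions.php#L185). */
    $url = yourls_escape(yourls_sanitize_url(yourls_encodeURI($url)));
    $url_host = parse_url($url, PHP_URL_HOST);
    if (!$url_host) {
        // We cannot even determine the host part of the $url, so reject the request
        // with a regular failure array instead of dying.
        // This more or less replaces Line191 in the functions.php file.
        # yourls_die('During Whitelist check, cannot determine host of URL', 'Forbidden', 403);
        return array('status' => 'fail', 'code' => 'error:nourl', 'message' => 'During whitelist check, cannot determine host of URL. Probably missing or malformed URL', 'errorCode' => 400);
    }
    /* make sure this is present: The configuration of whitelisted domains */
    global $allowed_domains;
    // Fail closed: a missing or malformed configuration allows nothing
    // (and no longer raises a warning in the foreach).
    $entries = is_array($allowed_domains) ? $allowed_domains : array();
    foreach ($entries as $allowed_domain) {
        if (isset($allowed_domain['regexp'])) {
            // Check if this whitelist entry catches the $url_host by regexp.
            // Patterns are applied exactly as configured: an unanchored pattern also
            // matches hosts that merely contain the text, so entries should be anchored
            // with ^ and $. preg_match() returns false on a broken pattern, which
            // counts as "no match" here.
            if (preg_match($allowed_domain['regexp'], $url_host)) {
                return $success;
            }
        } elseif (isset($allowed_domain['domain'])) {
            $domain = $allowed_domain['domain'];
            if (!is_string($domain) || $domain === '') {
                // An empty suffix would match every host; ignore such entries.
                continue;
            }
            // A plain "ends with" test also accepts look-alike hosts such as
            // "notexample.com" for the entry "example.com". Require a label boundary:
            // the host is either the domain itself or ends with "." + domain.
            // Entries that already start with a dot keep their suffix semantics.
            if ($domain[0] === '.') {
                $allowed = svenk_endsWith($url_host, $domain);
            } else {
                $allowed = $url_host === $domain || svenk_endsWith($url_host, '.' . $domain);
            }
            if ($allowed) {
                return $success;
            }
        }
    }
    /* URL is not whitelisted. Fail verbosely */
    #yourls_die('This domain is not whitelisted', 'Forbidden', 403);
    return array('status' => 'fail', 'code' => 'error:whitelist', 'message' => 'This domain is not whitelisted.', 'errorCode' => 400);
}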
Example #2
/**
 * Add a new link in the DB, either with custom keyword, or find one
 *
 * Flow, as implemented below:
 *  1. Plugins may short-circuit the whole function via the 'shunt_add_new_link' filter.
 *  2. The URL is encoded, sanitized and escaped; an empty or scheme-only URL is rejected.
 *  3. The client IP is passed to the flood check.
 *  4. A URL that is itself a short URL of this site is rejected.
 *  5. The link is stored under the custom keyword, or under the next free generated keyword,
 *     unless the URL already exists and duplicates are not allowed.
 *
 * @param string $url     Long URL to shorten.
 * @param string $keyword Optional custom keyword; a keyword is generated when empty.
 * @param string $title   Optional title; looked up via yourls_get_remote_title() when empty.
 *
 * @return mixed The result array after the 'add_new_link' filter (keys used below: 'status',
 *               'code', 'message', 'url', 'title', 'html', 'shorturl', 'statusCode'), or the
 *               filtered failure array of an early rejection (which carries 'errorCode'),
 *               or whatever a plugin returned from 'shunt_add_new_link'.
 */
function yourls_add_new_link($url, $keyword = '', $title = '')
{
    // Allow plugins to short-circuit the whole function.
    // Any value other than false is returned as-is, so a plugin hooked here replaces
    // every check below (URL validation, flood check, loop check).
    $pre = yourls_apply_filter('shunt_add_new_link', false, $url, $keyword, $title);
    if (false !== $pre) {
        return $pre;
    }
    // Normalize the URL. Note that this happens *after* the shunt filter above,
    // so plugins on that filter see the URL as submitted.
    $url = yourls_encodeURI($url);
    $url = yourls_escape(yourls_sanitize_url($url));
    if (!$url || $url == 'http://' || $url == 'https://') {
        $return['status'] = 'fail';
        $return['code'] = 'error:nourl';
        $return['message'] = yourls__('Missing or malformed URL');
        $return['errorCode'] = '400';
        return yourls_apply_filter('add_new_link_fail_nourl', $return, $url, $keyword, $title);
    }
    // Prevent DB flood
    // NOTE(review): the return value of the flood check is not used here; presumably it
    // stops the request itself when the limit is hit — confirm.
    $ip = yourls_get_IP();
    yourls_check_IP_flood($ip);
    // Prevent internal redirection loops: cannot shorten a shortened URL
    if (yourls_get_relative_url($url)) {
        if (yourls_is_shorturl($url)) {
            $return['status'] = 'fail';
            $return['code'] = 'error:noloop';
            $return['message'] = yourls__('URL is a short URL');
            $return['errorCode'] = '400';
            return yourls_apply_filter('add_new_link_fail_noloop', $return, $url, $keyword, $title);
        }
    }
    yourls_do_action('pre_add_new_link', $url, $keyword, $title);
    // Unescaped copy of the URL, used only in the values returned to the caller.
    $strip_url = stripslashes($url);
    $return = array();
    // duplicates allowed or new URL => store it
    // ($url_exists is assigned inside the condition and read in the final else branch.)
    if (yourls_allow_duplicate_longurls() || !($url_exists = yourls_url_exists($url))) {
        if (isset($title) && !empty($title)) {
            $title = yourls_sanitize_title($title);
        } else {
            // NOTE(review): presumably this requests the target page to read its title. If so,
            // it is a server-side request to a caller-supplied URL — confirm the helper
            // restricts internal addresses, and that the fetched title is sanitized.
            $title = yourls_get_remote_title($url);
        }
        $title = yourls_apply_filter('add_new_title', $title, $url, $keyword);
        // Custom keyword provided
        if ($keyword) {
            yourls_do_action('add_new_link_custom_keyword', $url, $keyword, $title);
            $keyword = yourls_escape(yourls_sanitize_string($keyword));
            // Plugins can still change the keyword after it was sanitized and escaped.
            $keyword = yourls_apply_filter('custom_keyword', $keyword, $url, $title);
            if (!yourls_keyword_is_free($keyword)) {
                // This shorturl either reserved or taken already
                $return['status'] = 'fail';
                $return['code'] = 'error:keyword';
                $return['message'] = yourls_s('Short URL %s already exists in database or is reserved', $keyword);
            } else {
                // all clear, store !
                // NOTE(review): unlike the generated-keyword branch below, the result of the
                // insert is not checked here, so 'success' is reported even if the insert fails.
                yourls_insert_link_in_db($url, $keyword, $title);
                $return['url'] = array('keyword' => $keyword, 'url' => $strip_url, 'title' => $title, 'date' => date('Y-m-d H:i:s'), 'ip' => $ip);
                $return['status'] = 'success';
                $return['message'] = yourls_s('%s added to database', yourls_trim_long_string($strip_url));
                $return['title'] = $title;
                $return['html'] = yourls_table_add_row($keyword, $url, $title, $ip, 0, time());
                $return['shorturl'] = YOURLS_SITE . '/' . $keyword;
            }
            // Create random keyword
        } else {
            yourls_do_action('add_new_link_create_keyword', $url, $keyword, $title);
            $timestamp = date('Y-m-d H:i:s');
            $id = yourls_get_next_decimal();
            $ok = false;
            // Walk the counter upwards until a free keyword is found. The loop ends after
            // the first free keyword, whether or not the insert succeeded.
            do {
                $keyword = yourls_int2string($id);
                $keyword = yourls_apply_filter('random_keyword', $keyword, $url, $title);
                if (yourls_keyword_is_free($keyword)) {
                    // '@' hides PHP warnings from the insert; its return value is still checked.
                    if (@yourls_insert_link_in_db($url, $keyword, $title)) {
                        // everything ok, populate needed vars
                        $return['url'] = array('keyword' => $keyword, 'url' => $strip_url, 'title' => $title, 'date' => $timestamp, 'ip' => $ip);
                        $return['status'] = 'success';
                        $return['message'] = yourls_s('%s added to database', yourls_trim_long_string($strip_url));
                        $return['title'] = $title;
                        $return['html'] = yourls_table_add_row($keyword, $url, $title, $ip, 0, time());
                        $return['shorturl'] = YOURLS_SITE . '/' . $keyword;
                    } else {
                        // database error, could not store result
                        $return['status'] = 'fail';
                        $return['code'] = 'error:db';
                        $return['message'] = yourls_s('Error saving url to database');
                    }
                    $ok = true;
                }
                $id++;
            } while (!$ok);
            // Persist the advanced counter; warnings from the update are suppressed.
            @yourls_update_next_decimal($id);
        }
        // URL was already stored
    } else {
        yourls_do_action('add_new_link_already_stored', $url, $keyword, $title);
        $return['status'] = 'fail';
        $return['code'] = 'error:url';
        // Report the existing record, including the stored IP and click count.
        $return['url'] = array('keyword' => $url_exists->keyword, 'url' => $strip_url, 'title' => $url_exists->title, 'date' => $url_exists->timestamp, 'ip' => $url_exists->ip, 'clicks' => $url_exists->clicks);
        $return['message'] = yourls_s('%s already exists in database', yourls_trim_long_string($strip_url));
        $return['title'] = $url_exists->title;
        $return['shorturl'] = YOURLS_SITE . '/' . $url_exists->keyword;
    }
    yourls_do_action('post_add_new_link', $url, $keyword, $title);
    // 'statusCode' is 200 for every result that reaches this point, including the
    // 'fail' results above; callers have to look at 'status' to tell them apart.
    $return['statusCode'] = 200;
    // regardless of result, this is still a valid request
    return yourls_apply_filter('add_new_link', $return, $url, $keyword, $title);
}