Esempio n. 1
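/**
 * YOURLS filter callback: only let a link through when its host is whitelisted.
 *
 * Returns $success unchanged when the host matches an entry of the global
 * $allowed_domains list, otherwise a YOURLS-style failure array.
 *
 * Each whitelist entry is an array with either a 'regexp' key (a full PCRE
 * pattern, applied to the host exactly as written) or a 'domain' key (the
 * domain itself or any sub-domain of it is accepted).
 *
 * @param mixed  $success Value to hand back when the URL is acceptable
 * @param string $url     Long URL being shortened (not yet escaped by YOURLS)
 * @param string $keyword Requested keyword (unused here)
 * @param string $title   Requested title (unused here)
 * @return mixed $success, or array('status' => 'fail', ...) when rejected
 */
function svenk_check_whitelisted_domain($success, $url, $keyword, $title)
{
    /* The filter fires *before* YOURLS has escaped the URL, so the same
       normalisation is repeated here
       (https://github.com/YOURLS/YOURLS/blob/master/includes/functions.php#L185). */
    $url = yourls_escape(yourls_sanitize_url(yourls_encodeURI($url)));
    $url_host = parse_url($url, PHP_URL_HOST);
    if (!$url_host) {
        // No host can be extracted: reject instead of guessing.
        return array('status' => 'fail', 'code' => 'error:nourl', 'message' => 'During whitelist check, cannot determine host of URL. Probably missing or malformed URL', 'errorCode' => 400);
    }

    // Host names are case-insensitive, so the domain test compares lower-cased values.
    $host_lc = strtolower($url_host);

    /* The whitelist comes from configuration. A missing or malformed list is
       treated as empty, which rejects every URL (fail closed). */
    global $allowed_domains;
    $entries = is_array($allowed_domains) ? $allowed_domains : array();

    foreach ($entries as $allowed_domain) {
        if (isset($allowed_domain['regexp'])) {
            // The pattern is used exactly as configured. NOTE(review): an
            // unanchored pattern matches anywhere inside the host, so entries
            // should be anchored with ^ and $ in the configuration.
            if (preg_match($allowed_domain['regexp'], $url_host)) {
                return $success;
            }
        } elseif (isset($allowed_domain['domain'])) {
            $domain = strtolower((string) $allowed_domain['domain']);
            $bare_domain = ltrim($domain, '.');
            if ($bare_domain === '') {
                // An empty entry must not turn into "allow everything".
                continue;
            }
            // Require a label boundary: "example.com" accepts "example.com" and
            // "a.example.com", but not "notexample.com", which a bare suffix
            // comparison would let through.
            if ($host_lc === $domain || svenk_endsWith($host_lc, '.' . $bare_domain)) {
                return $success;
            }
        }
    }

    /* URL is not whitelisted. Fail verbosely */
    return array('status' => 'fail', 'code' => 'error:whitelist', 'message' => 'This domain is not whitelisted.', 'errorCode' => 400);
}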
Esempio n. 2
/**
 * Fetch the content of a remote URL through whichever HTTP transport is available.
 *
 * The transport name returned by yourls_get_http_transport() selects the
 * function 'yourls_get_remote_content_<transport>', which does the actual request.
 * When no transport is available the content is false. The result always goes
 * through the 'get_remote_content' filter before being returned.
 *
 * NOTE(review): this issues a server-side request to a caller-supplied URL.
 * No destination restriction is visible in this function; confirm whether the
 * transports or a filter limit which hosts may be reached.
 *
 * @param string $url     URL to fetch
 * @param int    $maxlen  Maximum length passed on to the transport
 * @param int    $timeout Timeout passed on to the transport
 * @return mixed Filtered content, or the filtered value of false when no transport exists
 */
function yourls_get_remote_content($url, $maxlen = 4096, $timeout = 5)
{
    $url = yourls_sanitize_url($url);

    // Stays false unless a transport is found below.
    $content = false;

    $transport = yourls_get_http_transport($url);
    if ($transport) {
        $fetcher = 'yourls_get_remote_content_' . $transport;
        $content = call_user_func($fetcher, $url, $maxlen, $timeout);
    }

    return yourls_apply_filter('get_remote_content', $content, $url, $maxlen, $timeout);
}
Esempio n. 3
/**
 * Filter callback run when a link is added: reject URLs on the blacklist.
 *
 * Returning false leaves the normal flow untouched; returning an array makes
 * the caller report a failure. Only http:// and https:// URLs are checked,
 * every other protocol is let through without a lookup.
 *
 * @param mixed  $false Incoming filter value (unused)
 * @param string $url   Long URL being added
 * @return false|array false to continue, or a failure array when blacklisted
 */
function ozh_yourls_antispam_check_add($false, $url)
{
    // Normalise first so that a protocol is present for the test below.
    $url = yourls_sanitize_url($url);

    $protocol = yourls_get_protocol($url);
    $is_web_url = ($protocol == 'http://' || $protocol == 'https://');

    if ($is_web_url && ozh_yourls_antispam_is_blacklisted($url)) {
        return array('status' => 'fail', 'code' => 'error:spam', 'message' => 'This domain is blacklisted', 'errorCode' => '403');
    }

    // Either not a web URL or not blacklisted: do not interrupt the caller.
    return false;
}
Esempio n. 4
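/**
 * Build the HTML <tr> for one short URL in the admin table.
 *
 * Every value interpolated into markup is HTML-escaped here, because the URL,
 * title and IP come from stored link data and the sanitizers called below are
 * not visible in this file: their output is treated as not yet safe for an
 * attribute or text context.
 *
 * The markup passes through the 'action_links' and 'table_add_row' filters.
 *
 * Note: $title keeps its default for interface compatibility, but because
 * required parameters follow it callers always have to pass it.
 *
 * @param string $keyword   Short URL keyword
 * @param string $url       Long URL
 * @param string $title     Link title
 * @param string $ip        IP address recorded for the link
 * @param int    $clicks    Click count
 * @param int    $timestamp Creation time as a Unix timestamp
 * @return string HTML of the table row
 */
function mu_table_add_row($keyword, $url, $title = '', $ip, $clicks, $timestamp)
{
    $keyword = yourls_sanitize_string($keyword);
    $display_keyword = htmlentities($keyword);
    $url = yourls_sanitize_url($url);
    $display_url = htmlentities(yourls_trim_long_string($url));
    $title_url = htmlspecialchars($url);
    // The href gets its own escaped copy: a raw quote in the URL would
    // otherwise close the attribute.
    $href_url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    $title = yourls_sanitize_title($title);
    // Visible title text; double_encode is off in case the sanitizer already
    // produced entities.
    $display_title = htmlspecialchars(yourls_trim_long_string($title), ENT_QUOTES, 'UTF-8', false);
    $title = htmlspecialchars($title);
    // used as HTML #id
    $id = yourls_string2htmlid($keyword);
    $date = date('M d, Y H:i', $timestamp + YOURLS_HOURS_OFFSET * 3600);
    $clicks = number_format($clicks, 0, '', '');
    // The IP is printed as cell text and was previously emitted unescaped.
    $display_ip = htmlspecialchars((string) $ip, ENT_QUOTES, 'UTF-8');
    $shorturl = YOURLS_SITE . '/' . $keyword;
    $statlink = $shorturl . '+';
    if (yourls_is_ssl()) {
        $statlink = str_replace('http://', 'https://', $statlink);
    }
    if ($title) {
        $display_link = "<a href=\"{$href_url}\" title=\"{$title}\">{$display_title}</a><br/><small><a href=\"{$href_url}\" title=\"{$title_url}\">{$display_url}</a></small>";
    } else {
        $display_link = "<a href=\"{$href_url}\" title=\"{$title_url}\">{$display_url}</a>";
    }
    // Edit and delete links carry a per-link nonce.
    $delete_link = yourls_nonce_url('delete-link_' . $id, yourls_add_query_arg(array('id' => $id, 'action' => 'delete', 'keyword' => $keyword), muAdminUrl('admin-ajax.php')));
    $edit_link = yourls_nonce_url('edit-link_' . $id, yourls_add_query_arg(array('id' => $id, 'action' => 'edit', 'keyword' => $keyword), muAdminUrl('admin-ajax.php')));
    $actions = <<<ACTION
<a href="{$statlink}" id="statlink-{$id}" title="Stats" class="button button_stats">Stats</a><a href="" id="share-button-{$id}" name="share-button" title="Share" class="button button_share" onclick="toggle_share('{$id}');return false;">Share</a><a href="{$edit_link}" id="edit-button-{$id}" name="edit-button" title="Edit" class="button button_edit" onclick="edit('{$id}');return false;">Edit</a><a href="{$delete_link}" id="delete-button-{$id}" name="delete-button" title="Delete" class="button button_delete" onclick="remove('{$id}');return false;">Delete</a>
ACTION;
    // Filters still receive the unescaped $url and $ip, as before.
    $actions = yourls_apply_filter('action_links', $actions, $keyword, $url, $ip, $clicks, $timestamp);
    $row = <<<ROW
<tr id="id-{$id}"><td id="keyword-{$id}" class="keyword"><a href="{$shorturl}">{$display_keyword}</a></td><td id="url-{$id}" class="url">{$display_link}</td><td id="timestamp-{$id}" class="timestamp">{$date}</td><td id="ip-{$id}" class="ip">{$display_ip}</td><td id="clicks-{$id}" class="clicks">{$clicks}</td><td class="actions" id="actions-{$id}">{$actions}<input type="hidden" id="keyword_{$id}" value="{$keyword}"/></td></tr>
ROW;
    $row = yourls_apply_filter('table_add_row', $row, $keyword, $url, $title, $ip, $clicks, $timestamp);
    return $row;
}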
Esempio n. 5
            break;
        case 'url':
            $search_in_text = yourls__('URL');
            $search_in = 'url';
            break;
        case 'title':
            $search_in_text = yourls__('Title');
            $search_in = 'title';
            break;
        case 'ip':
            $search_in_text = yourls__('IP Address');
            $search_in = 'ip';
            break;
    }
    $search_sentence = yourls_s('Searching for <strong>%1$s</strong> in <strong>%2$s</strong>.', yourls_esc_html($search), yourls_esc_html($search_in_text));
    $search_url = yourls_sanitize_url("&amp;search={$search}&amp;search_in={$search_in}");
    $search_text = $search;
    $search = str_replace('*', '%', '*' . yourls_escape($search) . '*');
    if ($search_in == 'all') {
        $where .= " AND CONCAT_WS('',`keyword`,`url`,`title`,`ip`) LIKE ('{$search}')";
        // Search across all fields. The resulting SQL will be something like:
        // SELECT * FROM `yourls_url` WHERE CONCAT_WS('',`keyword`,`url`,`title`,`ip`) LIKE ("%ozh%")
        // CONCAT_WS because CONCAT('foo', 'bar’, NULL) = NULL. NULL wins. Not sure if values can be NULL now or in the future, so better safe.
        // TODO: pay attention to this bit when the DB schema changes
    } else {
        $where .= " AND `{$search_in}` LIKE ('{$search}')";
    }
}
// Time span
if (!empty($_GET['date_filter'])) {
    switch ($_GET['date_filter']) {
Esempio n. 6
// Request dispatch. $pattern (the characters allowed in a keyword) and
// $request are set before this fragment and are not visible here. Each branch
// that recognises the request loads a template or redirects, then exits, so
// the order of the tests matters.
//
// Redirection: the request is a keyword, optionally followed by a slash.
if (preg_match("@^([{$pattern}]+)/?\$@", $request, $matches)) {
    $keyword = isset($matches[1]) ? $matches[1] : '';
    // Sanitized again even though the regexp already restricts the characters.
    $keyword = yourls_sanitize_keyword($keyword);
    yourls_do_action('load_template_go', $keyword);
    // NOTE(review): presumably yourls-go.php reads $keyword from this scope - confirm.
    require_once YOURLS_ABSPATH . '/yourls-go.php';
    exit;
}
// Stats: keyword followed by '+', optionally 'all', optionally a slash.
if (preg_match("@^([{$pattern}]+)\\+(all)?/?\$@", $request, $matches)) {
    $keyword = isset($matches[1]) ? $matches[1] : '';
    $keyword = yourls_sanitize_keyword($keyword);
    // Aggregate only when 'all' was requested and duplicate long URLs are allowed.
    $aggregate = isset($matches[2]) ? (bool) $matches[2] && yourls_allow_duplicate_longurls() : false;
    yourls_do_action('load_template_infos', $keyword);
    require_once YOURLS_ABSPATH . '/yourls-infos.php';
    exit;
}
// Prefix-n-Shorten sends to bookmarklet (doesn't work on Windows)
// The request itself looks like a URL ("scheme://...").
if (preg_match("@^[a-zA-Z]+://.+@", $request, $matches)) {
    $url = yourls_sanitize_url($matches[0]);
    if ($parse = yourls_get_protocol_slashes_and_rest($url, array('up', 'us', 'ur'))) {
        yourls_do_action('load_template_redirect_admin', $url);
        // Each part is percent-encoded before it goes into the query string.
        $parse = array_map('rawurlencode', $parse);
        // Redirect to /admin/index.php?up=<url protocol>&us=<url slashes>&ur=<url rest>
        // The requested URL is only passed as query arguments; the target
        // itself comes from yourls_admin_url('index.php').
        yourls_redirect(yourls_add_query_arg($parse, yourls_admin_url('index.php')), 302);
        exit;
    }
}
// Past this point this is a request the loader could not understand
// Fall back to the site root.
yourls_do_action('loader_failed', $request);
yourls_redirect(YOURLS_SITE, 302);
exit;
Esempio n. 7
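<?php

include 'header.php';
// Pre-fill values taken from the request. Each one goes through the matching
// YOURLS sanitizer; those normalise the value but are not relied on here for
// HTML escaping, which is done where the value is printed.
$url = isset($_REQUEST['url']) ? yourls_sanitize_url($_REQUEST['url']) : '';
$keyword = isset($_REQUEST['keyword']) ? yourls_sanitize_keyword($_REQUEST['keyword']) : '';
$title = isset($_REQUEST['title']) ? yourls_sanitize_title($_REQUEST['title']) : '';
?>

<div class="content">
	<h2><?php yourls_e('Enter a new URL to shorten', 'isq_translation'); ?></h2>
	<form method="post" action="result.php" class="newurl">
		<div class="form-item full-width">
			<p><label for="url" class="primary"><?php yourls_e('Long URL', 'isq_translation'); ?></label></p>
			<p><label for="url" class="secondary"><?php yourls_e('Paste the long URL here. This is required.', 'isq_translation'); ?></label></p>
			<?php /* $url comes from the request: escape it for the attribute so a quote cannot end value="..." */ ?>
			<input type="url" id="url" name="url" value="<?php echo htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); ?>" autofocus>
		</div>

		<div class="halves">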
Esempio n. 8
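/**
 * Get relative URL (eg 'abc' from 'http://sho.rt/abc')
 *
 * http and https are treated as the same scheme. A URL counts as relative only
 * when it *starts with* the YOURLS root URL followed by a slash; a URL that
 * merely contains the root URL somewhere else (for instance in a query string)
 * is not relative. A URL that is not relative is returned as is, or as an
 * empty string if $strict is true.
 *
 * The result goes through the 'get_relative_url' filter.
 *
 * @since 1.6
 * @param string $url URL to relativize
 * @param bool $strict if true and if URL isn't relative to YOURLS install, return empty string
 * @return string URL
 */
function yourls_get_relative_url($url, $strict = true)
{
    $url = yourls_sanitize_url($url);

    // Normalise the leading scheme only, so that an 'https:' occurring later
    // in the URL is left alone.
    $noproto_url = (strpos($url, 'https:') === 0) ? 'http:' . substr($url, 6) : $url;
    $noproto_site = (strpos(YOURLS_SITE, 'https:') === 0) ? 'http:' . substr(YOURLS_SITE, 6) : YOURLS_SITE;

    // Prefix test instead of a global replace: the root URL must be at the
    // very start, otherwise a foreign URL embedding it would be rewritten and
    // reported as relative.
    $prefix = $noproto_site . '/';
    if (strpos($noproto_url, $prefix) === 0) {
        // The cast covers old PHP versions where substr() returns false for an empty remainder.
        $_url = (string) substr($noproto_url, strlen($prefix));
    } else {
        $_url = $strict ? '' : $url;
    }

    return yourls_apply_filter('get_relative_url', $_url, $url);
}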
Esempio n. 9
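/**
 * Derive the keyword from the long URL instead of the keyword handed over.
 *
 * YOURLS does not pass the URL to this callback, so it is read from the
 * request. The value is request-controlled: a missing or non-string 'url'
 * is treated as an empty string rather than passed on as is.
 *
 * @param string $keyword Keyword handed over by YOURLS (ignored)
 * @return mixed Whatever create_short_url() returns for the sanitized URL
 */
function audiomark_create_keyword($keyword)
{
    // Guard against an absent parameter and against url[]=... style input,
    // which would arrive as an array.
    $long_url = (isset($_REQUEST['url']) && is_string($_REQUEST['url'])) ? $_REQUEST['url'] : '';

    return create_short_url(yourls_sanitize_url($long_url));
}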
Esempio n. 10
            $sort_order_sql = 'desc';
            break;
    }
}
// Totals for the whole table: number of links and number of clicks.
list($total_urls, $total_clicks) = array_values(yourls_get_db_stats());

// Without a filter the item count equals the overall count and no filtered
// click total exists. With a filter ($where, built earlier in the script and
// not visible here) both numbers come from a second stats query.
$total_items = $total_urls;
$total_items_clicks = false;
if ($where) {
    list($total_items, $total_items_clicks) = array_values(yourls_get_db_stats($where));
}
// This is a bookmarklet
if (isset($_GET['u'])) {
    $is_bookmark = true;
    $url = yourls_sanitize_url($_GET['u']);
    $keyword = isset($_GET['k']) ? yourls_sanitize_keyword($_GET['k']) : '';
    $title = isset($_GET['t']) ? yourls_sanitize_title($_GET['t']) : '';
    $return = yourls_add_new_link($url, $keyword, $title);
    // If fails because keyword already exist, retry with no keyword
    if (isset($return['status']) && $return['status'] == 'fail' && isset($return['code']) && $return['code'] == 'error:keyword') {
        $msg = $return['message'];
        $return = yourls_add_new_link($url, '', $ydb);
        $return['message'] .= ' (' . $msg . ')';
    }
    // Stop here if bookmarklet with a JSON callback function
    if (isset($_GET['jsonp']) && $_GET['jsonp'] == 'yourls') {
        $short = $return['shorturl'] ? $return['shorturl'] : '';
        $message = $return['message'];
        header('Content-type: application/json');
        echo "yourls_callback({'short_url':'{$short}','message':'{$message}'});";
Esempio n. 11
/**
 * List every keyword that points to the given long URL.
 *
 * Only meaningful when duplicate long URLs are allowed; otherwise null is
 * returned without touching the database.
 *
 * The statement is built by string interpolation, so its safety rests
 * entirely on yourls_escape() (not visible here) quoting the value correctly
 * for the database connection in use.
 *
 * @param string $longurl Long URL to look up
 * @return mixed Result of $ydb->get_col(), or null when duplicates are not allowed
 */
function yourls_get_duplicate_keywords($longurl)
{
    global $ydb;

    if (yourls_allow_duplicate_longurls()) {
        $escaped_url = yourls_escape(yourls_sanitize_url($longurl));
        $sql = 'SELECT `keyword` FROM `' . YOURLS_DB_TABLE_URL . "` WHERE `url` = '" . $escaped_url . "'";

        return $ydb->get_col($sql);
    }

    return null;
}
Esempio n. 12
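/**
 * Fetch a remote page and return its <title>, converted to UTF-8 and sanitized.
 *
 * Falls back to the URL itself when the page cannot be fetched or has no
 * title. The result goes through the 'get_remote_title' filter.
 *
 * Everything read from the remote page (title text, declared charset) is
 * untrusted: the charset is only used inside a guarded conversion and the
 * title is passed through yourls_sanitize_title() before it is returned.
 *
 * NOTE(review): this triggers a server-side request to a caller-supplied URL;
 * any restriction on reachable hosts would have to live in
 * yourls_get_remote_content() or its transports - none is visible here.
 *
 * @param string $url URL of the page
 * @return mixed Filtered title (the URL when fetching fails)
 */
function yourls_get_remote_title($url)
{
    require_once YOURLS_INC . '/functions-http.php';
    $url = yourls_sanitize_url($url);
    $title = $charset = false;
    $content = yourls_get_remote_content($url);
    // If false, return url as title.
    // Todo: improve this with temporary title when shorturl_meta available?
    if (false === $content) {
        return $url;
    }

    // look for <title>
    if (preg_match('/<title>(.*?)<\\/title>/is', $content, $found)) {
        $title = $found[1];
    }
    // look for charset
    // <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    if (preg_match('/<meta[^>]*?charset=([^>]*?)\\/?>/is', $content, $found)) {
        $charset = trim($found[1], '"\' ');
    }
    unset($found);

    // if title not found, guess if returned content was actually an error message
    if ($title == false && strpos($content, 'Error') === 0) {
        $title = $content;
    }
    if ($title == false) {
        $title = $url;
    }

    // Charset conversion. @ keeps mb_ functions quiet about illegal characters.
    // The charset name is chosen by the remote page: an unknown name makes
    // mb_convert_encoding() return false on older PHP and throw on PHP 8, so
    // the call is guarded and the unconverted title is kept on failure instead
    // of ending up empty or aborting the request.
    if (function_exists('mb_convert_encoding')) {
        $converted = false;
        try {
            if ($charset) {
                $converted = @mb_convert_encoding($title, 'UTF-8', $charset);
            } else {
                $converted = @mb_convert_encoding($title, 'UTF-8');
            }
        } catch (Throwable $e) {
            $converted = false;
        }
        if (is_string($converted)) {
            $title = $converted;
        }
    }

    // Remove HTML entities
    $title = html_entity_decode($title, ENT_QUOTES, 'UTF-8');
    // Strip out evil things
    $title = yourls_sanitize_title($title);
    return yourls_apply_filter('get_remote_title', $title, $url);
}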
Esempio n. 13
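/**
 * Updates the configuration in the YOURLS database
 *
 * Reads $_POST['piwik_config'], sanitizes each submitted value and stores the
 * result as the 'piwik_config' option. The SKU entry is derived from the files
 * shipped with the plugin and is never taken from the request.
 *
 * NOTE(review): no nonce verification is visible in this function; confirm
 * that the caller checks one before this state-changing handler runs.
 *
 * @return false|null false when saving the option threw, null otherwise
 */
function itfs_piwik_admin_settings_update()
{
    // Nothing to do unless a configuration update was submitted.
    if (!isset($_POST['piwik_config'])) {
        return;
    }

    $piwik_config = array();
    /**
     * There will be 2 additional modules. One for people who have donated above a certain amount and a professional version
     */
    if (file_exists(dirname(__FILE__) . '/donations.php')) {
        $piwik_config[SKU] = 'donations';
    } elseif (file_exists(dirname(__FILE__) . '/pro.php')) {
        $piwik_config[SKU] = 'pro';
    } else {
        $piwik_config[SKU] = 'free';
    }

    if (!is_array($_POST['piwik_config'])) {
        return;
    }

    // We sanitize each parameter.
    foreach ($_POST['piwik_config'] as $k => $v) {
        // A posted key must not replace the SKU value computed above.
        if ((string) $k === (string) SKU) {
            continue;
        }
        // Nested arrays (piwik_config[x][]=...) cannot be sanitized as strings.
        if (!is_scalar($v)) {
            continue;
        }
        $v = (string) $v;

        if ($k === 'site_id') {
            $piwik_config[$k] = (int) $v;
        } elseif ($k === 'piwik_url') {
            // Site URL must end with a slash. Stolen as-is from wp-piwik
            if (substr($v, -1, 1) != '/' && substr($v, -10, 10) != '/index.php') {
                $v .= '/';
            }
            $piwik_config[$k] = yourls_sanitize_url($v);
        } else {
            $piwik_config[$k] = yourls_sanitize_title($v);
        }
    }

    try {
        yourls_update_option('piwik_config', $piwik_config);
    } catch (Exception $e) {
        $message = "ITFS_PIWIK: Error when trying to save settings. " . $e->getMessage();
        error_log($message, 0);
        echo yourls_add_notice($message, 'message_error');
        return false;
    }
}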