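/**
 * API action handler: delete a short URL.
 *
 * Reads the 'shorturl' request parameter, which may be a full short URL
 * (http://sho.rt/abc) or a bare keyword (abc), and deletes the matching link.
 * Deleting is destructive, so authentication is forced even when the install
 * runs in public mode.
 *
 * @return array Result with 'statusCode', 'simple' and 'message' keys.
 */
function clayton_api_action_delete()
{
    // We don't want unauthenticated users deleting links.
    // If YOURLS is in public mode, force authentication anyway.
    // NOTE(review): $_REQUEST also carries GET parameters, so this destructive
    // action is reachable with a plain GET. Confirm that auth.php does not accept
    // ambient (cookie) credentials for API calls, otherwise a cross-site request
    // could trigger a delete.
    if (!yourls_is_private()) {
        yourls_do_action('require_auth');
        require_once YOURLS_INC . '/auth.php';
    }

    // Need a 'shorturl' parameter, and it must be a plain string: an array value
    // (shorturl[]=x) is rejected here instead of being handed to the helpers below.
    if (!isset($_REQUEST['shorturl']) || !is_string($_REQUEST['shorturl'])) {
        return array(
            'statusCode' => 400,
            'simple' => "Need a 'shorturl' parameter",
            'message' => 'error: missing param',
        );
    }

    $shorturl = $_REQUEST['shorturl'];

    // Check if valid shorturl
    if (!yourls_is_shorturl($shorturl)) {
        // The key used to be 'simple ' (trailing space), so consumers reading
        // 'simple' never saw this error text.
        return array(
            'statusCode' => 404,
            'simple' => 'Error: short URL not found',
            'message' => 'error: not found',
        );
    }

    // Is $shorturl a URL (http://sho.rt/abc) or a keyword (abc) ?
    if (yourls_get_protocol($shorturl)) {
        $keyword = yourls_get_relative_url($shorturl);
    } else {
        $keyword = $shorturl;
    }

    // Delete shorturl
    if (yourls_delete_link_by_keyword($keyword)) {
        return array(
            'statusCode' => 200,
            'simple' => "Shorturl {$shorturl} deleted",
            'message' => 'success: deleted',
        );
    }

    return array(
        'statusCode' => 500,
        'simple' => 'Error: could not delete shorturl, not sure why :-/',
        'message' => 'error: unknown error',
    );
}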
/**
 * On redirect, occasionally re-check the target URL against the blacklist.
 *
 * Accepts either ($url, $keyword) or a single array of [url, keyword].
 * When the sampled check fires and the URL is blacklisted, the link is
 * deleted and the request is terminated with a 403 page.
 *
 * Sampling rate, as coded: links older than 3 days (259200 seconds) are
 * checked about once every 15 redirects, newer links about once every 5.
 * NOTE(review): the comment this replaces described the opposite mapping
 * (fresh links 1-in-15, older links 1-in-5); behaviour is kept as coded,
 * confirm which one was intended.
 *
 * TODO: when there's a shorturl_meta table, store last check date to allow
 * checking every 2 or 3 days.
 *
 * @param string|array $url     Long URL, or array(url, keyword).
 * @param string|false $keyword Short URL keyword.
 * @return void
 */
function ozh_yourls_antispam_check_redirect($url, $keyword = false)
{
    // Called with one packed argument: unpack it.
    if ($keyword == false && is_array($url)) {
        $packed = $url;
        $keyword = $packed[1];
        $url = $packed[0];
    }

    // Age of the link, in seconds.
    $current = date('U');
    $created = date('U', strtotime(yourls_get_keyword_timestamp($keyword)));
    if ($current - $created > 259200) {
        $odds = 15;
    } else {
        $odds = 5;
    }

    // mt_rand() only decides how often the lookup runs; it is not used as a
    // security secret. Most redirects are therefore not re-checked.
    if ($odds != mt_rand(1, $odds)) {
        return;
    }

    // NOTE(review): a false result is treated as "not blacklisted"; if the
    // lookup can also return false on failure, this fails open. Confirm.
    if (ozh_yourls_antispam_is_blacklisted($url) == false) {
        return;
    }

    // Delete link & die
    yourls_delete_link_by_keyword($keyword);
    yourls_die('This domain has been blacklisted. This short URL has been deleted from our record.', 'Domain blacklisted', '403');
}
// Pick action
//
// AJAX dispatcher: routes the request on the caller-supplied 'action' value and
// then ends the script. Every input here comes from $_REQUEST, which merges GET
// and POST parameters (and cookies, depending on the request_order setting), so
// the nonce check at the top of each case is what ties a state-changing call to
// a page this install issued.
// NOTE(review): 'action', 'nonce', 'id', 'url', 'keyword', ... are read without
// isset(); a request missing one of them raises an undefined-index notice/warning.
$action = $_REQUEST['action'];
switch ($action) {
    case 'add':
        // Nonce is verified before the link is created.
        // NOTE(review): 'omg error' is presumably what yourls_verify_nonce() returns
        // or prints when the nonce is invalid, aborting the request; confirm that
        // it really stops execution, since the call's result is not checked here.
        yourls_verify_nonce('add_url', $_REQUEST['nonce'], false, 'omg error');
        $return = yourls_add_new_link($_REQUEST['url'], $_REQUEST['keyword']);
        echo json_encode($return);
        break;
    case 'edit_display':
        // NOTE(review): in this and the two following cases the nonce action is
        // bound to the request's 'id', while the operation acts on the request's
        // 'keyword'. Nothing in this block ties the two values together.
        yourls_verify_nonce('edit-link_' . $_REQUEST['id'], $_REQUEST['nonce'], false, 'omg error');
        $row = yourls_table_edit_row($_REQUEST['keyword']);
        echo json_encode(array('html' => $row));
        break;
    case 'edit_save':
        yourls_verify_nonce('edit-save_' . $_REQUEST['id'], $_REQUEST['nonce'], false, 'omg error');
        $return = yourls_edit_link($_REQUEST['url'], $_REQUEST['keyword'], $_REQUEST['newkeyword'], $_REQUEST['title']);
        echo json_encode($return);
        break;
    case 'delete':
        yourls_verify_nonce('delete-link_' . $_REQUEST['id'], $_REQUEST['nonce'], false, 'omg error');
        $query = yourls_delete_link_by_keyword($_REQUEST['keyword']);
        echo json_encode(array('success' => $query));
        break;
    case 'logout':
        // unused for the moment
        // NOTE(review): no nonce is verified for this case; if it becomes used,
        // a cross-site request could log the user out.
        yourls_logout();
        break;
    default:
        // Any other action name is appended to 'yourls_ajax_' and fired as a hook.
        // No nonce is verified in this block for that path, so each handler
        // registered on a 'yourls_ajax_*' hook has to do its own verification.
        yourls_do_action('yourls_ajax_' . $action);
}
// Always stop here so nothing else is appended to the AJAX response.
die;
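/**
 * Add a new link in the DB, either with a custom keyword or with the next
 * generated one.
 *
 * @param string $url     Long URL to shorten.
 * @param string $keyword Optional custom keyword; empty to generate one.
 * @return array Result array: always 'status' and 'message'; 'code' and
 *               'errorCode' on early failures; 'url', 'html' and 'shorturl'
 *               when a link was stored; 'statusCode' 200 for every request
 *               that passed the initial URL checks.
 */
function yourls_add_new_link($url, $keyword = '')
{
    global $ydb;

    if (!$url || $url == 'http://' || $url == 'https://') {
        $return['status'] = 'fail';
        $return['code'] = 'error:nourl';
        $return['message'] = 'Missing URL input';
        $return['errorCode'] = '400';
        return $return;
    }

    // Prevent DB flood
    $ip = yourls_get_IP();
    yourls_check_IP_flood($ip);

    // From here on $url is the sanitized and escaped form.
    $url = yourls_escape(yourls_sanitize_url($url));

    // Prevent internal redirection loops: cannot shorten a shortened URL.
    // YOURLS_SITE is quoted so the dots (and any other metacharacter) in the
    // site URL are matched literally instead of as regex syntax.
    if (preg_match('!^' . preg_quote(YOURLS_SITE, '!') . '/!', $url)) {
        if (yourls_is_shorturl($url)) {
            $return['status'] = 'fail';
            $return['code'] = 'error:noloop';
            $return['message'] = 'URL is a short URL';
            $return['errorCode'] = '400';
            return $return;
        }
    }

    $table = YOURLS_DB_TABLE_URL;

    // Unescaped form, for messages and the returned data only.
    $strip_url = stripslashes($url);

    // The lookup is built by string concatenation, so it must use the escaped
    // $url. It previously used $strip_url, i.e. the value with the escaping
    // removed again, which put caller-controlled quotes straight into the SQL.
    // NOTE(review): assumes yourls_escape() returns a value that is safe inside
    // a quoted SQL literal; confirm, and prefer a parameterized query if the
    // DB layer offers one.
    $url_exists = $ydb->get_row("SELECT keyword,url FROM `{$table}` WHERE `url` = '" . $url . "';");
    $return = array();

    // New URL : store it -- or: URL exists, but duplicates allowed
    if (!$url_exists || yourls_allow_duplicate_longurls()) {
        if ($keyword) {
            // Custom keyword provided
            $keyword = yourls_escape(yourls_sanitize_string($keyword));
            if (!yourls_keyword_is_free($keyword)) {
                // This shorturl either reserved or taken already
                $return['status'] = 'fail';
                $return['code'] = 'error:keyword';
                $return['message'] = 'Short URL ' . $keyword . ' already exists in database or is reserved';
            } else {
                // all clear, store !
                yourls_insert_link_in_db($url, $keyword);
                $return['url'] = array('keyword' => $keyword, 'url' => $strip_url, 'date' => date('Y-m-d H:i:s'), 'ip' => $ip);
                $return['status'] = 'success';
                $return['message'] = $strip_url . ' added to database';
                $return['html'] = yourls_table_add_row($keyword, $url, $ip, 0, time());
                $return['shorturl'] = YOURLS_SITE . '/' . $keyword;
            }
        } else {
            // Create random keyword
            $timestamp = date('Y-m-d H:i:s');
            $id = yourls_get_next_decimal();
            $ok = false;
            // NOTE(review): the insert is attempted before the "is free" result is
            // acted on, and the loop has no upper bound: if the insert keeps
            // failing it never terminates. Logic left as it was.
            do {
                $keyword = yourls_int2string($id);
                $free = yourls_keyword_is_free($keyword);
                $add_url = @yourls_insert_link_in_db($url, $keyword);
                $ok = $free && $add_url;
                if ($ok === false && $add_url === 1) {
                    // we stored something, but shouldn't have (ie reserved id)
                    yourls_delete_link_by_keyword($keyword);
                    // Append without reading an undefined key on the first pass.
                    $return['extra_info'] = (isset($return['extra_info']) ? $return['extra_info'] : '') . '(deleted ' . $keyword . ')';
                } else {
                    // everything ok, populate needed vars
                    $return['url'] = array('keyword' => $keyword, 'url' => $strip_url, 'date' => $timestamp, 'ip' => $ip);
                    $return['status'] = 'success';
                    $return['message'] = $strip_url . ' added to database';
                    $return['html'] = yourls_table_add_row($keyword, $url, $ip, 0, time());
                    $return['shorturl'] = YOURLS_SITE . '/' . $keyword;
                }
                $id++;
            } while (!$ok);
            @yourls_update_next_decimal($id);
        }
    } else {
        // URL was already stored
        $return['status'] = 'fail';
        $return['code'] = 'error:url';
        $return['message'] = $strip_url . ' already exists in database';
        $return['shorturl'] = YOURLS_SITE . '/' . $url_exists->keyword;
    }

    $return['statusCode'] = 200; // regardless of result, this is still a valid request
    return $return;
}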
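/**
 * Add a new link in the DB, either with custom keyword, or find one
 *
 * Plugins can short-circuit the whole function through the
 * 'shunt_add_new_link' filter, and can rewrite each returned result through
 * the 'add_new_link*' filters.
 *
 * @param string $url     Long URL to shorten.
 * @param string $keyword Optional custom keyword; empty to generate one.
 * @param string $title   Optional title; when empty, one is obtained from
 *                        yourls_get_remote_title().
 * @return mixed Result array ('status', 'message', 'statusCode', plus 'code',
 *               'url', 'title', 'html', 'shorturl' depending on the outcome),
 *               or whatever a filter returned in its place.
 */
function yourls_add_new_link($url, $keyword = '', $title = '')
{
    global $ydb;

    // Allow plugins to short-circuit the whole function
    $pre = yourls_apply_filter('shunt_add_new_link', false, $url, $keyword, $title);
    if (false !== $pre) {
        return $pre;
    }

    // From here on $url is the encoded, sanitized and escaped form.
    $url = yourls_encodeURI($url);
    $url = yourls_escape(yourls_sanitize_url($url));
    if (!$url || $url == 'http://' || $url == 'https://') {
        $return['status'] = 'fail';
        $return['code'] = 'error:nourl';
        $return['message'] = yourls__('Missing or malformed URL');
        $return['errorCode'] = '400';
        return yourls_apply_filter('add_new_link_fail_nourl', $return, $url, $keyword, $title);
    }

    // Prevent DB flood
    $ip = yourls_get_IP();
    yourls_check_IP_flood($ip);

    // Prevent internal redirection loops: cannot shorten a shortened URL
    if (yourls_get_relative_url($url)) {
        if (yourls_is_shorturl($url)) {
            $return['status'] = 'fail';
            $return['code'] = 'error:noloop';
            $return['message'] = yourls__('URL is a short URL');
            $return['errorCode'] = '400';
            return yourls_apply_filter('add_new_link_fail_noloop', $return, $url, $keyword, $title);
        }
    }

    yourls_do_action('pre_add_new_link', $url, $keyword, $title);

    // Unescaped form, for messages and the returned data only.
    $strip_url = stripslashes($url);
    $return = array();

    // duplicates allowed or new URL => store it
    // ($url_exists is only assigned when duplicates are not allowed; it is only
    // read in the "already stored" branch, which implies that case.)
    if (yourls_allow_duplicate_longurls() || !($url_exists = yourls_url_exists($url))) {
        if (!empty($title)) {
            $title = yourls_sanitize_title($title);
        } else {
            // NOTE(review): presumably fetches the target page server-side to read
            // its title. That is an outbound request to a caller-chosen URL, so
            // confirm the helper restricts schemes and internal addresses and
            // bounds time and response size.
            $title = yourls_get_remote_title($url);
        }
        $title = yourls_apply_filter('add_new_title', $title, $url, $keyword);

        if ($keyword) {
            // Custom keyword provided.
            // This action fires with the keyword as received, before it is sanitized.
            yourls_do_action('add_new_link_custom_keyword', $url, $keyword, $title);
            $keyword = yourls_escape(yourls_sanitize_string($keyword));
            $keyword = yourls_apply_filter('custom_keyword', $keyword, $url, $title);
            if (!yourls_keyword_is_free($keyword)) {
                // This shorturl either reserved or taken already
                $return['status'] = 'fail';
                $return['code'] = 'error:keyword';
                $return['message'] = yourls_s('Short URL %s already exists in database or is reserved', $keyword);
            } else {
                // all clear, store !
                yourls_insert_link_in_db($url, $keyword, $title);
                $return['url'] = array('keyword' => $keyword, 'url' => $strip_url, 'title' => $title, 'date' => date('Y-m-d H:i:s'), 'ip' => $ip);
                $return['status'] = 'success';
                $return['message'] = yourls_s('%s added to database', yourls_trim_long_string($strip_url));
                $return['title'] = $title;
                $return['html'] = yourls_table_add_row($keyword, $url, $title, $ip, 0, time());
                $return['shorturl'] = YOURLS_SITE . '/' . $keyword;
            }
        } else {
            // Create random keyword
            yourls_do_action('add_new_link_create_keyword', $url, $keyword, $title);
            $timestamp = date('Y-m-d H:i:s');
            $id = yourls_get_next_decimal();
            $ok = false;
            // NOTE(review): the insert is attempted before the "is free" result is
            // acted on, and the loop has no upper bound: if the insert keeps
            // failing it never terminates. Logic left as it was.
            do {
                $keyword = yourls_int2string($id);
                $keyword = yourls_apply_filter('random_keyword', $keyword, $url, $title);
                $free = yourls_keyword_is_free($keyword);
                $add_url = @yourls_insert_link_in_db($url, $keyword, $title);
                $ok = $free && $add_url;
                if ($ok === false && $add_url === 1) {
                    // we stored something, but shouldn't have (ie reserved id)
                    yourls_delete_link_by_keyword($keyword);
                    // Append without reading an undefined key on the first pass
                    // (the plain `.=` raised an undefined-index notice/warning).
                    $return['extra_info'] = (isset($return['extra_info']) ? $return['extra_info'] : '') . '(deleted ' . $keyword . ')';
                } else {
                    // everything ok, populate needed vars
                    $return['url'] = array('keyword' => $keyword, 'url' => $strip_url, 'title' => $title, 'date' => $timestamp, 'ip' => $ip);
                    $return['status'] = 'success';
                    $return['message'] = yourls_s('%s added to database', yourls_trim_long_string($strip_url));
                    $return['title'] = $title;
                    $return['html'] = yourls_table_add_row($keyword, $url, $title, $ip, 0, time());
                    $return['shorturl'] = YOURLS_SITE . '/' . $keyword;
                }
                $id++;
            } while (!$ok);
            @yourls_update_next_decimal($id);
        }
    } else {
        // URL was already stored
        yourls_do_action('add_new_link_already_stored', $url, $keyword, $title);
        $return['status'] = 'fail';
        $return['code'] = 'error:url';
        $return['url'] = array('keyword' => $url_exists->keyword, 'url' => $strip_url, 'title' => $url_exists->title, 'date' => $url_exists->timestamp, 'ip' => $url_exists->ip, 'clicks' => $url_exists->clicks);
        $return['message'] = yourls_s('%s already exists in database', yourls_trim_long_string($strip_url));
        $return['title'] = $url_exists->title;
        $return['shorturl'] = YOURLS_SITE . '/' . $url_exists->keyword;
    }

    yourls_do_action('post_add_new_link', $url, $keyword, $title);

    $return['statusCode'] = 200; // regardless of result, this is still a valid request
    return yourls_apply_filter('add_new_link', $return, $url, $keyword, $title);
}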