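/**
 * Render the settings page of the 302-redirect plugin and process its form.
 *
 * When the form was posted (`temp_instead_mode` is present in $_POST) the nonce is
 * verified before the update handler runs, so a forged cross-site request cannot
 * change the redirect mode. The nonce value itself is not passed here;
 * yourls_verify_nonce() is expected to pick it up from the request.
 *
 * @return void Echoes the page HTML.
 */
function temp_instead_admin_page_do()
{
    if (isset($_POST['temp_instead_mode'])) {
        // CSRF check first, state change second.
        yourls_verify_nonce('temp_instead');
        temp_instead_admin_page_update();
    }

    // If the option hasn't been added previously, default to mode 1
    // (everything uses 302 redirects).
    $mode = intval(yourls_get_option('temp_instead_mode', 1));
    $nonce = yourls_create_nonce('temp_instead');

    $labels = array(
        1 => 'Redirect all using 302 temporary redirect',
        2 => 'Redirect all using 301 permanent redirect',
        3 => 'Redirect full URLs using 302 and short URLs using 301',
    );

    echo '<h2>302-Redirect Redirection Rules</h2>';
    echo '<p>This plugin allows you to configure how the 302-redirect plugin operates.</p>';
    echo '<form method="post">';
    echo '<input type="hidden" name="nonce" value="' . $nonce . '" />';
    echo '<label for="temp_instead_mode">Select Redirect Mode:</label>';
    echo '<select id="temp_instead_mode" name="temp_instead_mode">';
    foreach ($labels as $value => $label) {
        $selected = $mode === $value ? ' selected' : '';
        echo '<option value=' . $value . $selected . '>' . $label . '</option>';
    }
    // Close the <select> before the submit button: the original emitted the
    // button inside the <select>, which is invalid markup.
    echo '</select>';
    echo '<p><input type="submit" value="Update Redirect Mode" /></p>';
    echo '</form>';
}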
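/**
 * Render the Domain Swap configuration page and process its form.
 *
 * The stored option is expected to be a JSON document with a `domains` list.
 * A missing or malformed option is treated as an empty list instead of failing
 * on a null dereference, and the list is HTML-escaped before being placed in
 * the textarea so that a stored value cannot close the element and inject markup.
 *
 * @return void Echoes the page HTML.
 */
function gmo_domain_swap_do_page()
{
    // Check if a form was submitted
    if (isset($_POST['domain_swap_values'])) {
        // Check nonce before changing anything
        yourls_verify_nonce('domain_swap');

        // Process form
        gmo_domain_swap_update_option();
    }

    // Get value from database; tolerate an option that was never saved
    $domain_swap_values = yourls_get_option('domain_swap_values');
    $decoded = is_string($domain_swap_values) ? json_decode($domain_swap_values) : null;

    $domains = array();
    if (is_object($decoded) && isset($decoded->domains)) {
        $domains = array_values((array) $decoded->domains);
    }

    // One spare row so there is always room to type a new entry
    $count_domains = count($domains) + 1;

    // Escape for the HTML context the value is printed into
    $domain_swap_values_list = htmlspecialchars(
        trim(implode(PHP_EOL, $domains)),
        ENT_QUOTES,
        'UTF-8'
    );

    // Create nonce
    $nonce = yourls_create_nonce('domain_swap');

    echo <<<HTML
<h2>Domain Swap Configuration Page</h2>
<p>Enter here a list with domain names you want to swap from.</p>
<form method="post">
<input type="hidden" name="nonce" value="{$nonce}" />
<p><label for="domain_swap_values">Domains: </label></p>
<P><textarea rows="{$count_domains}" cols="50" name="domain_swap_values">{$domain_swap_values_list}</textarea></p>
<p>Notes:</p>
<ul>
<li>One entry per line</li>
<li>No trailing slash</li>
<li>No protocol</li>
<li>e.g.
<ul>
<li>[ok] example.com</li>
<li>[ok] sub.example.com</li>
<li>[bad] http://example.com</li>
<li>[bad] example.com/</li>
</ul>
</li>
</ul>
<p><input type="submit" value="Update value" /></p>
</form>
HTML;
}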
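/**
 * Render the Admin reCaptcha settings page and process its form.
 *
 * A posted form is accepted only after the nonce check. The stored keys are
 * HTML-escaped before being written into the `value` attributes; the original
 * concatenated them raw, so a stored value containing a quote could break out
 * of the attribute.
 *
 * @return void Echoes the page HTML.
 */
function adminreCaptcha_config_page()
{
    if (isset($_POST['abdulrauf_adminreCaptcha_public_key'])) {
        // CSRF check first, save second.
        yourls_verify_nonce('abdulrauf_adminreCaptcha_nonce');
        abdulrauf_adminreCaptcha_save_admin();
    }

    $nonce = yourls_create_nonce('abdulrauf_adminreCaptcha_nonce');

    // Escape for the attribute context the values are printed into.
    $pubkey = htmlspecialchars(
        (string) yourls_get_option('abdulrauf_adminreCaptcha_pub_key', ""),
        ENT_QUOTES,
        'UTF-8'
    );
    // NOTE(review): the secret key is sent back to the browser in a plain text
    // field; consider not echoing it, or masking it, if that is acceptable to users.
    $privkey = htmlspecialchars(
        (string) yourls_get_option('abdulrauf_adminreCaptcha_priv_key', ""),
        ENT_QUOTES,
        'UTF-8'
    );

    echo '<h2>Admin reCaptcha plugin settings</h2>';
    echo '<form method="post">';
    echo '<input type="hidden" name="nonce" value="' . $nonce . '" />';
    echo '<p><label for="abdulrauf_adminreCaptcha_public_key">reCaptcha site key: </label>';
    echo '<input type="text" id="abdulrauf_adminreCaptcha_public_key" name="abdulrauf_adminreCaptcha_public_key" value="' . $pubkey . '"></p>';
    echo '<p><label for="abdulrauf_adminreCaptcha_private_key">reCaptcha secret key: </label>';
    echo '<input type="text" id="abdulrauf_adminreCaptcha_private_key" name="abdulrauf_adminreCaptcha_private_key" value="' . $privkey . '"></p>';
    echo '<input type="submit" value="Save"/>';
    echo '</form>';
}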
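/**
 * Render the "Popular Clicks" admin page: one table of most-clicked short URLs
 * per time window.
 *
 * Changes from the original:
 * - the nested show_top() declaration is guarded, so rendering the page twice in
 *   one request no longer stops with a "cannot redeclare" fatal error;
 * - the two numbers interpolated into the SQL text are cast to int;
 * - every database value is HTML-escaped before output (long URLs and keywords
 *   are stored data and must not be trusted as markup);
 * - the long-URL anchor is closed;
 * - the unused nonce was dropped (the page has no form).
 *
 * @return void Echoes the page HTML.
 */
function popularclicks_do_page()
{
    echo '<h2>Popular Clicks</h2>';

    // NOTE(review): show_top() is a very generic global name; if another plugin
    // defines it, that definition is the one that will be called here.
    if (!function_exists('show_top')) {
        /**
         * Print a table with the $numrows most clicked links of the last $numdays days.
         *
         * @param int $numdays Size of the time window in days
         * @param int $numrows Maximum number of rows
         * @return void
         */
        function show_top($numdays, $numrows)
        {
            global $ydb;

            // These two values are placed directly in the SQL text, so force them to integers.
            $numdays = (int) $numdays;
            $numrows = (int) $numrows;

            $base = YOURLS_SITE;
            $table_url = YOURLS_DB_TABLE_URL;
            $table_log = YOURLS_DB_TABLE_LOG;
            $outdata = '';

            /*
             * Example of the generated query:
             * SELECT a.shorturl AS shorturl, count(*) AS clicks, b.url AS longurl
             * FROM yourls_log a, yourls_url b
             * WHERE a.shorturl=b.keyword AND DATE_SUB(NOW(), INTERVAL 30 DAY)<a.click_time
             * GROUP BY a.shorturl ORDER BY count(*) DESC LIMIT 20;
             */
            $query = $ydb->get_results("SELECT a.shorturl AS shorturl, count(*) AS clicks, b.url AS longurl FROM `{$table_log}` a, `{$table_url}` b WHERE a.shorturl=b.keyword AND DATE_SUB(NOW(), INTERVAL {$numdays} DAY)<a.click_time GROUP BY a.shorturl ORDER BY count(*) DESC LIMIT {$numrows}");

            if ($query) {
                foreach ($query as $query_result) {
                    $clicks = (int) $query_result->clicks;
                    $shorturl = htmlspecialchars((string) $query_result->shorturl, ENT_QUOTES, 'UTF-8');
                    $longurl = htmlspecialchars((string) $query_result->longurl, ENT_QUOTES, 'UTF-8');
                    $stats_url = htmlspecialchars($base . '/' . $query_result->shorturl . '+', ENT_QUOTES, 'UTF-8');

                    // rel="noopener noreferrer": the destination is stored data and
                    // should not get a handle on the admin window.
                    $outdata .= '<tr><td>' . $clicks . '</td>'
                        . '<td><a href="' . $stats_url . '" target="blank">' . $shorturl . '</a></td>'
                        . '<td><a href="' . $longurl . '" target="blank" rel="noopener noreferrer">' . $longurl . '</a></td></tr>';
                }
            }

            echo '<h3><b>Popular Clicks in the Last ' . $numdays . ' Days:</b></h3><br/>'
                . '<table><tr><th>Clicks</th><th>Short URL</th><th>Long URL</th></tr>'
                . $outdata . "</table><br>\n\r";
        }
    }

    // update next lines for adjustments on number of days and number of top links
    // example: show_top(1,5) => print the 5 most popular links clicked in the last 1 day
    show_top(1, 15);    // last day
    show_top(7, 15);    // last week
    show_top(30, 15);   // last ~month
    show_top(365, 15);  // last ~year
    show_top(1000, 15); // ~alltime
}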
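/**
 * Render the sample plugin administration page and process its form.
 *
 * A posted form is processed only after the nonce check. The stored option is
 * HTML-escaped before it is printed into the `value` attribute, so the page
 * stays safe even if the stored value is not the integer the form asks for.
 *
 * @return void Echoes the page HTML.
 */
function ozh_yourls_samplepage_do_page()
{
    // Check if a form was submitted
    if (isset($_POST['test_option'])) {
        // Check nonce
        yourls_verify_nonce('sample_page');

        // Process form
        ozh_yourls_samplepage_update_option();
    }

    // Get value from database and escape it for the attribute context
    $test_option = htmlspecialchars(
        (string) yourls_get_option('test_option'),
        ENT_QUOTES,
        'UTF-8'
    );

    // Create nonce
    $nonce = yourls_create_nonce('sample_page');

    echo <<<HTML
\t\t<h2>Sample Plugin Administration Page</h2>
\t\t<p>This plugin stores an integer in the option database</p>
\t\t<form method="post">
\t\t<input type="hidden" name="nonce" value="{$nonce}" />
\t\t<p><label for="test_option">Enter an integer</label> <input type="text" id="test_option" name="test_option" value="{$test_option}" /></p>
\t\t<p><input type="submit" value="Update value" /></p>
\t\t</form>
HTML;
}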
/**
 * Action: admin_page_before_form
 *
 * Prints the "new URL" form. The short-URL panel is always included; the
 * LDAP-group, comment and label panels are added only when the current user
 * holds the matching permission. Output buffering is started at the end; where
 * that buffer is closed is not visible in this method.
 */
public function action_admin_page_before_form()
{
    $panels = ['form_new_url-panel-shorturl.twig'];

    // [permission, panel template], checked in this order
    $optionalPanels = [
        [self::PERMISSION_ACTION_ADD_GROUP, 'form_new_url-panel-ldapgroup.twig'],
        [self::PERMISSION_ACTION_EDIT_COMMENT, 'form_new_url-panel-comment.twig'],
        [self::PERMISSION_ACTION_EDIT_LABEL, 'form_new_url-panel-label.twig'],
    ];
    foreach ($optionalPanels as $entry) {
        if ($this->_hasPermission($entry[0])) {
            $panels[] = $entry[1];
        }
    }

    // Closes a <div> that was opened outside this method.
    echo '</div>';

    $template = $this->getTemplate();
    $context = [
        'nonce_add' => yourls_create_nonce('add_url'),
        'panels' => $panels,
        'ldapgrouplist' => $this->_options['ldapgrouplist'],
        'ldapgrouplist_value' => array_keys($this->_getOwnGroups()),
    ];
    echo $template->render('form_new_url', $context);

    ob_start();
}
/**
 * Build the "Edit" row of the main table for one keyword.
 *
 * The long URL and the title are escaped for use inside HTML attributes, and
 * their '%' characters are doubled because the row markup is afterwards used
 * as a sprintf() format string for the translated labels.
 *
 * @param string $keyword Keyword to edit
 * @return string HTML of the edit row, after the 'table_edit_row' filter
 */
function yourls_table_edit_row($keyword)
{
    $keyword = yourls_sanitize_string($keyword);
    $id = yourls_string2htmlid($keyword); // used as HTML #id
    $url = yourls_get_keyword_longurl($keyword);
    $title = htmlspecialchars(yourls_get_keyword_title($keyword));

    // Escape first, then make both strings sprintf() safe: '%' -> '%%'
    list($safe_url, $safe_title) = str_replace(
        '%',
        '%%',
        array(yourls_esc_attr(rawurldecode($url)), yourls_esc_attr($title))
    );

    $www = yourls_link();
    $nonce = yourls_create_nonce('edit-save_' . $id);

    if (!$url) {
        $row = '<tr class="edit-row notfound"><td colspan="6" class="edit-row notfound">' . yourls__('Error, URL not found') . '</td></tr>';
    } else {
        $format = <<<ROW
<tr id="edit-{$id}" class="edit-row"><td colspan="5" class="edit-row"><strong>%s</strong>:<input type="text" id="edit-url-{$id}" name="edit-url-{$id}" value="{$safe_url}" class="text" size="70" /><br/><strong>%s</strong>: {$www}<input type="text" id="edit-keyword-{$id}" name="edit-keyword-{$id}" value="{$keyword}" class="text" size="10" /><br/><strong>%s</strong>: <input type="text" id="edit-title-{$id}" name="edit-title-{$id}" value="{$safe_title}" class="text" size="60" /></td><td colspan="1"><input type="button" id="edit-submit-{$id}" name="edit-submit-{$id}" value="%s" title="%s" class="button" onclick="edit_link_save('{$id}');" /> <input type="button" id="edit-close-{$id}" name="edit-close-{$id}" value="%s" title="%s" class="button" onclick="edit_link_hide('{$id}');" /><input type="hidden" id="old_keyword_{$id}" value="{$keyword}"/><input type="hidden" id="nonce_{$id}" value="{$nonce}"/></td></tr>
ROW;
        // Translated labels, in the order of the %s placeholders above
        $labels = array(
            yourls__('Long URL'),
            yourls__('Short URL'),
            yourls__('Title'),
            yourls__('Save'),
            yourls__('Save new values'),
            yourls__('Cancel'),
            yourls__('Cancel editing'),
        );
        $row = vsprintf($format, $labels);
    }

    return yourls_apply_filter('table_edit_row', $row, $keyword, $url, $title);
}
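/**
 * Check validity of a nonce (ie time span, user and action match).
 *
 * Returns true if valid, dies otherwise (yourls_die() or die($return) if defined).
 * If $nonce is false or unspecified, $_REQUEST['nonce'] is used.
 *
 * The supplied value is compared as a string, never loosely: with `==` two
 * different numeric-looking strings (for example of the form "0e...") or a
 * boolean true could compare equal to the expected nonce. Where hash_equals()
 * is available the comparison is also constant-time.
 *
 * @param string       $action Action the nonce was created for
 * @param string|false $nonce  Nonce to check, or false to read it from the request
 * @param string|false $user   User the nonce belongs to, or false for the current user
 * @param string       $return Message passed to die() on failure instead of calling yourls_die()
 * @return bool True when the nonce is valid; does not return otherwise
 */
function yourls_verify_nonce($action, $nonce = false, $user = false, $return = '')
{
    // get user
    if (false == $user) {
        $user = defined('YOURLS_USER') ? YOURLS_USER : '******';
    }

    // get current nonce value
    if (false == $nonce && isset($_REQUEST['nonce'])) {
        $nonce = $_REQUEST['nonce'];
    }

    // what nonce should be
    $valid = (string) yourls_create_nonce($action, $user);

    // Arrays (nonce[]=...), booleans and other non-string input never match.
    $supplied = (is_string($nonce) || is_int($nonce)) ? (string) $nonce : '';

    $matches = false;
    if ($supplied !== '') {
        $matches = function_exists('hash_equals')
            ? hash_equals($valid, $supplied)
            : $valid === $supplied;
    }

    if ($matches) {
        return true;
    }

    if ($return) {
        die($return);
    }
    yourls_die(yourls__('Unauthorized action or expired link'), yourls__('Error'), 403);
}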
?> </strong> activated</p> <table id="main_table" class="tblSorter" cellpadding="0" cellspacing="1"> <thead> <tr> <th>Plugin Name</th> <th>Version</th> <th>Description</th> <th>Author</th> <th>Action</th> </tr> </thead> <tbody> <?php $nonce = yourls_create_nonce('manage_plugins'); foreach ($plugins as $file => $plugin) { // default fields to read from the plugin header $fields = array('name' => 'Plugin Name', 'uri' => 'Plugin URI', 'desc' => 'Description', 'version' => 'Version', 'author' => 'Author', 'author_uri' => 'Author URI'); // Loop through all default fields, get value if any and reset it foreach ($fields as $field => $value) { if ($plugin[$value]) { $data[$field] = $plugin[$value]; } else { $data[$field] = '(no info)'; } unset($plugin[$value]); } $plugindir = trim(dirname($file), '/'); if (yourls_is_active_plugin($file)) { $class = 'active';
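/**
 * Tell whether $nonce is the nonce expected for this action and user.
 *
 * The supplied value is compared as a string, never loosely: with `==` two
 * different numeric-looking strings or a boolean true could compare equal to
 * the expected nonce. Where hash_equals() is available the comparison is also
 * constant-time.
 *
 * @param string       $nonce  Nonce to check
 * @param string|int   $action Action the nonce was created for
 * @param string|false $user   User the nonce belongs to, or false for the current user
 * @return bool True when the nonce matches
 */
function yourls_verify_nonce($nonce, $action = -1, $user = false)
{
    if (false == $user) {
        $user = defined('YOURLS_USER') ? YOURLS_USER : '******';
    }

    // what the nonce should be
    $valid = (string) yourls_create_nonce($action, $user);

    // Arrays, booleans and other non-string input never match.
    $supplied = (is_string($nonce) || is_int($nonce)) ? (string) $nonce : '';
    if ($supplied === '') {
        return false;
    }

    return function_exists('hash_equals')
        ? hash_equals($valid, $supplied)
        : $valid === $supplied;
}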
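/**
 * Render the reCaptcha / Solve Media settings page and process its form.
 *
 * A posted form is accepted only after the nonce check. All stored keys are
 * HTML-escaped before being written into the `value` attributes; the original
 * concatenated them raw, so a stored value containing a quote could break out
 * of the attribute.
 *
 * @return void Echoes the page HTML.
 */
function spb_recaptcha_configpage_display()
{
    if (isset($_POST['spb_recaptcha_public_key'])) {
        // CSRF check first, save second.
        yourls_verify_nonce('spb_recaptcha_nonce');
        spb_recaptcha_save_admin();
    }

    $nonce = yourls_create_nonce('spb_recaptcha_nonce');

    // Escape every option for the attribute context it is printed into.
    // NOTE(review): the secret/verification keys are sent back to the browser in
    // plain text fields; consider masking them if that is acceptable to users.
    $pubkey = htmlspecialchars((string) yourls_get_option('spb_recaptcha_pub_key', ""), ENT_QUOTES, 'UTF-8');
    $privkey = htmlspecialchars((string) yourls_get_option('spb_recaptcha_priv_key', ""), ENT_QUOTES, 'UTF-8');
    $solvemediaCKey = htmlspecialchars((string) yourls_get_option('spb_recaptcha_solvemediaCKey', ""), ENT_QUOTES, 'UTF-8');
    $solvemediaVKey = htmlspecialchars((string) yourls_get_option('spb_recaptcha_solvemediaVKey', ""), ENT_QUOTES, 'UTF-8');
    $solvemediaHKey = htmlspecialchars((string) yourls_get_option('spb_recaptcha_solvemediaHKey', ""), ENT_QUOTES, 'UTF-8');

    echo '<h2>reCaptcha plugin settings</h2>';
    echo '<form method="post">';
    echo '<input type="hidden" name="nonce" value="' . $nonce . '" />';
    echo '<p><label for="spb_recaptcha_public_key">reCaptcha site key: </label>';
    echo '<input type="text" id="spb_recaptcha_public_key" name="spb_recaptcha_public_key" value="' . $pubkey . '"></p>';
    echo '<p><label for="spb_recaptcha_private_key">reCaptcha secret key: </label>';
    echo '<input type="text" id="spb_recaptcha_private_key" name="spb_recaptcha_private_key" value="' . $privkey . '"></p>';
    echo '<hr/>';
    echo '<p><label for="spb_recaptcha_solvemediaCKey">Solve Media Challenge Key (C-key): </label>';
    echo '<input type="text" id="spb_recaptcha_solvemediaCKey" name="spb_recaptcha_solvemediaCKey" value="' . $solvemediaCKey . '"></p>';
    echo '<p><label for="spb_recaptcha_solvemediaVKey">Solve Media Verification Key (V-key): </label>';
    echo '<input type="text" id="spb_recaptcha_solvemediaVKey" name="spb_recaptcha_solvemediaVKey" value="' . $solvemediaVKey . '"></p>';
    echo '<p><label for="spb_recaptcha_solvemediaHKey">Solve Media Authentication Hash Key (H-key): </label>';
    echo '<input type="text" id="spb_recaptcha_solvemediaHKey" name="spb_recaptcha_solvemediaHKey" value="' . $solvemediaHKey . '"></p>';
    echo '<input type="submit"/>';
    echo '</form>';
}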
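/**
 * Check validity of a nonce for the given action and user.
 *
 * Returns true if valid, dies otherwise (die($return) when $return is set,
 * yourls_die() with a 403 otherwise).
 *
 * The supplied value is compared as a string, never loosely: with `==` two
 * different numeric-looking strings or a boolean true could compare equal to
 * the expected nonce. Where hash_equals() is available the comparison is also
 * constant-time.
 *
 * @param string       $action Action the nonce was created for
 * @param string       $nonce  Nonce to check
 * @param string|false $user   User the nonce belongs to, or false for the current user
 * @param string       $return Message passed to die() on failure instead of calling yourls_die()
 * @return bool True when the nonce is valid; does not return otherwise
 */
function yourls_verify_nonce($action, $nonce, $user = false, $return = '')
{
    // get user
    if (false == $user) {
        $user = defined('YOURLS_USER') ? YOURLS_USER : '******';
    }

    // what nonce should be
    $valid = (string) yourls_create_nonce($action, $user);

    // Arrays, booleans and other non-string input never match.
    $supplied = (is_string($nonce) || is_int($nonce)) ? (string) $nonce : '';

    $matches = false;
    if ($supplied !== '') {
        $matches = function_exists('hash_equals')
            ? hash_equals($valid, $supplied)
            : $valid === $supplied;
    }

    if ($matches) {
        return true;
    }

    if ($return) {
        die($return);
    }
    yourls_die('Unauthorized action or expired link', 'Error', 403);
}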
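/**
 * Return an "Edit" row for the main table
 *
 * The long URL and the title are escaped for use inside HTML attributes. The
 * original ran urldecode() over the whole assembled row afterwards: that turns
 * percent-encoded characters in a stored URL or title (such as an encoded
 * quote) back into raw characters after escaping, undoing the escaping, and a
 * literal '%' in either value also corrupted the sprintf() format. The URL is
 * now decoded before it is escaped, '%' is doubled for sprintf(), and the
 * assembled markup is no longer decoded.
 *
 * Also fixed: a stray '>' in the "not found" row, and unused locals
 * ($ydb, $table, $save_link) removed.
 *
 * @param string $keyword Keyword to edit
 * @return string HTML of the edit row
 */
function yourls_table_edit_row($keyword)
{
    $keyword = yourls_sanitize_string($keyword);
    $id = yourls_string2htmlid($keyword); // used as HTML #id
    $url = yourls_get_keyword_longurl($keyword);

    $title = htmlspecialchars(yourls_get_keyword_title($keyword));

    // Decode first, escape second: escaping must be the last transformation
    // applied to a value before it is placed in the markup.
    $safe_url = yourls_esc_attr(rawurldecode($url));
    $safe_title = yourls_esc_attr($title);

    // Make strings sprintf() safe: '%' -> '%%'
    $safe_url = str_replace('%', '%%', $safe_url);
    $safe_title = str_replace('%', '%%', $safe_title);

    $www = yourls_link();

    $nonce = yourls_create_nonce('edit-save_' . $id);

    if ($url) {
        $return = <<<RETURN
<tr id="edit-{$id}" class="edit-row"><td colspan="5" class="edit-row"><strong>%s</strong>:<input type="text" id="edit-url-{$id}" name="edit-url-{$id}" value="{$safe_url}" class="text" size="70" /><br/><strong>%s</strong>: {$www}<input type="text" id="edit-keyword-{$id}" name="edit-keyword-{$id}" value="{$keyword}" class="text" size="10" /><br/><strong>%s</strong>: <input type="text" id="edit-title-{$id}" name="edit-title-{$id}" value="{$safe_title}" class="text" size="60" /></td><td colspan="1"><input type="button" id="edit-submit-{$id}" name="edit-submit-{$id}" value="%s" title="%s" class="button" onclick="edit_link_save('{$id}');" /> <input type="button" id="edit-close-{$id}" name="edit-close-{$id}" value="%s" title="%s" class="button" onclick="edit_link_hide('{$id}');" /><input type="hidden" id="old_keyword_{$id}" value="{$keyword}"/><input type="hidden" id="nonce_{$id}" value="{$nonce}"/></td></tr>
RETURN;
        $return = sprintf($return, yourls__('Long URL'), yourls__('Short URL'), yourls__('Title'), yourls__('Save'), yourls__('Save new values'), yourls__('Cancel'), yourls__('Cancel editing'));
    } else {
        $return = '<tr class="edit-row notfound"><td colspan="6" class="edit-row notfound">'
            . yourls__('Error, URL not found') . '</td></tr>';
    }

    $return = yourls_apply_filter('table_edit_row', $return, $keyword, $url, $title);

    return $return;
}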
/**
 * Action: yourls_ajax_laemmi_edit_ldapgroup
 *
 * Verifies the request nonce for this keyword, then answers with a JSON object
 * whose 'html' member is the rendered 'edit_row_project' template. The template
 * receives a fresh nonce for the follow-up save action and only those projects
 * the current user may assign.
 */
public function action_yourls_ajax_laemmi_edit_ldapgroup()
{
    $keyword = yourls_sanitize_string($this->getRequest('keyword'));
    $requestNonce = $this->getRequest('nonce');
    $id = yourls_string2htmlid($keyword);

    // Must pass before anything about the keyword is read or rendered;
    // 'omg error' is handed over as the $return argument.
    yourls_verify_nonce('laemmi_edit_ldapgroup_' . $id, $requestNonce, false, 'omg error');

    // Nonce for the save step that follows this edit row
    $saveNonce = yourls_create_nonce('laemmi_edit_ldapgroup_save_' . $id);

    $infos = yourls_get_keyword_infos($keyword);
    $selected = (array) @json_decode($infos[self::SETTING_URL_PROJECTS], true);

    $allowed = [];
    foreach ($this->_options['projectlist'] as $project => $unused) {
        $mayUse = $this->_hasPermission(self::PERMISSION_ACTION_ADD_OTHER_PROJECT)
            || $this->_hasPermission('action-edit', [$project]);
        if (!$mayUse) {
            continue;
        }
        $allowed[$project] = $project;
    }

    $context = [
        'keyword' => $keyword,
        'nonce' => $saveNonce,
        'id' => $id,
        'projectlist' => $allowed,
        'projectlist_value' => $selected,
    ];
    $html = $this->getTemplate()->render('edit_row_project', $context);

    echo json_encode(['html' => $html]);
}
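/**
 * Action yourls_ajax_laemmi_edit_comment_label
 *
 * Verifies the request nonce for this keyword, then answers with a JSON object
 * whose 'html' member is an edit row containing the comment and label fields
 * and a fresh nonce for the follow-up save action.
 *
 * A keyword without stored infos, or without a stored label, no longer makes
 * implode() fail on a non-array: the decoded label is cast to an array, the
 * same way the sibling LDAP-group action treats its stored JSON.
 */
public function action_yourls_ajax_laemmi_edit_comment_label()
{
    $keyword = yourls_sanitize_string($this->getRequest('keyword'));
    $nonce = $this->getRequest('nonce');
    $id = yourls_string2htmlid($keyword);

    // Must pass before anything about the keyword is read or rendered;
    // 'omg error' is handed over as the $return argument.
    yourls_verify_nonce('laemmi_edit_comment_label_' . $id, $nonce, false, 'omg error');

    // Nonce for the save step that follows this edit row
    $nonce = yourls_create_nonce('laemmi_edit_comment_label_save_' . $id);

    $infos = yourls_get_keyword_infos($keyword);
    $hasInfos = is_array($infos);

    $comment = ($hasInfos && isset($infos[self::SETTING_URL_COMMENT]))
        ? $infos[self::SETTING_URL_COMMENT]
        : null;

    $storedLabel = ($hasInfos && isset($infos[self::SETTING_URL_LABEL]))
        ? json_decode($infos[self::SETTING_URL_LABEL], true)
        : null;
    // null (nothing stored / invalid JSON) becomes an empty list
    $label = implode(',', (array) $storedLabel);

    // NOTE(review): $comment and $label are stored data; getHtmlFields() is
    // assumed to escape them for HTML output — confirm in that method.
    $html = ' <tr id="edit-' . $id . '" class="edit-row laemmi_edit_comment_label_row" data-id="' . $id . '"><td colspan="5"> <form action="admin-ajax.php" method="post"> <input type="hidden" name="action" value="laemmi_edit_comment_label_save" /> <input type="hidden" name="keyword" value="' . $keyword . '" /> <input type="hidden" name="nonce" value="' . $nonce . '" />';

    $html .= $this->getHtmlFields(['comment' => $comment, 'label' => $label]);

    $html .= '</form> </td><td colspan="1"> <input class="button" type="button" name="save" value="' . yourls__('Save') . '"> <input class="button" type="button" name="cancel" value="' . yourls__('Cancel') . '"> </td></tr>';

    echo json_encode(['html' => $html]);
}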