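/**
 * Look up a short URL keyword without regard to letter case.
 *
 * The keyword is sanitized, then matched with LOWER(`keyword`) = LOWER(...) against the
 * URL table. Results (including a miss, stored as false) are cached in $ydb->infos under
 * the sanitized keyword.
 *
 * @param string $keyword   Short URL keyword as supplied by the caller
 * @param bool   $use_cache Whether a cached entry in $ydb->infos may be returned
 * @return mixed Row as an array, or false when no row matched, passed through the
 *               'get_keyword_infos' filter
 */
function insensitive_get_keyword_infos($keyword, $use_cache = true)
{
    global $ydb;

    $keyword = yourls_sanitize_string($keyword);
    yourls_do_action('pre_get_keyword', $keyword, $use_cache);

    if (isset($ydb->infos[$keyword]) && $use_cache == true) {
        return yourls_apply_filter('get_keyword_infos', $ydb->infos[$keyword], $keyword);
    }

    yourls_do_action('get_keyword_not_cached', $keyword);

    $table = YOURLS_DB_TABLE_URL;

    // The keyword ends up inside a quoted SQL literal. Sanitizing only restricts it to the
    // short URL character set, which is a formatting rule rather than an SQL guarantee, so the
    // value is escaped separately; the unescaped form stays the cache key and filter argument.
    // NOTE(review): yourls_escape() is the YOURLS core escaping helper - confirm it is
    // available in the YOURLS release this plugin targets.
    $sql_keyword = yourls_escape($keyword);
    $infos = $ydb->get_row("SELECT * FROM `{$table}` WHERE LOWER(`keyword`) = LOWER('{$sql_keyword}')");

    // Cache misses as false so a repeated lookup does not hit the database again.
    $ydb->infos[$keyword] = $infos ? (array) $infos : false;

    return yourls_apply_filter('get_keyword_infos', $ydb->infos[$keyword], $keyword);
}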
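/**
 * Build the HTML table row for one short URL in the multi-user admin list.
 *
 * Every value written into markup is HTML-escaped at the point of output. The values
 * handed to the 'action_links' and 'table_add_row' filters are the same ones the
 * previous implementation passed.
 *
 * @param string $keyword   Short URL keyword
 * @param string $url       Long URL
 * @param string $title     Link title, may be empty
 * @param string $ip        IP address stored with the link
 * @param int    $clicks    Click count
 * @param int    $timestamp Unix timestamp of creation
 * @return string HTML of the row, after the 'table_add_row' filter
 */
function mu_table_add_row($keyword, $url, $title = '', $ip, $clicks, $timestamp)
{
    $keyword = yourls_sanitize_string($keyword);
    $display_keyword = htmlentities($keyword);

    $url = yourls_sanitize_url($url);
    $display_url = htmlentities(yourls_trim_long_string($url));
    // Escaped form of the URL, used for both href and title attributes.
    $title_url = htmlspecialchars($url);

    $title = yourls_sanitize_title($title);
    // The visible title is stored data: escape it like the attribute copy below instead of
    // relying on what yourls_sanitize_title() may or may not strip.
    $display_title = htmlspecialchars(yourls_trim_long_string($title));
    $title = htmlspecialchars($title);

    // The IP cell is stored data as well; escape it before it reaches the markup.
    $display_ip = htmlspecialchars((string) $ip);

    $id = yourls_string2htmlid($keyword); // used as HTML #id
    $date = date('M d, Y H:i', $timestamp + YOURLS_HOURS_OFFSET * 3600);
    $clicks = number_format($clicks, 0, '', '');
    $shorturl = YOURLS_SITE . '/' . $keyword;
    $statlink = $shorturl . '+';
    if (yourls_is_ssl()) {
        $statlink = str_replace('http://', 'https://', $statlink);
    }

    if ($title) {
        $display_link = "<a href=\"{$title_url}\" title=\"{$title}\">{$display_title}</a><br/><small><a href=\"{$title_url}\" title=\"{$title_url}\">{$display_url}</a></small>";
    } else {
        $display_link = "<a href=\"{$title_url}\" title=\"{$title_url}\">{$display_url}</a>";
    }

    // Nonce-protected AJAX endpoints for the Delete and Edit buttons.
    $delete_link = yourls_nonce_url('delete-link_' . $id, yourls_add_query_arg(array('id' => $id, 'action' => 'delete', 'keyword' => $keyword), muAdminUrl('admin-ajax.php')));
    $edit_link = yourls_nonce_url('edit-link_' . $id, yourls_add_query_arg(array('id' => $id, 'action' => 'edit', 'keyword' => $keyword), muAdminUrl('admin-ajax.php')));

    $actions = <<<ACTION
<a href="{$statlink}" id="statlink-{$id}" title="Stats" class="button button_stats">Stats</a><a href="" id="share-button-{$id}" name="share-button" title="Share" class="button button_share" onclick="toggle_share('{$id}');return false;">Share</a><a href="{$edit_link}" id="edit-button-{$id}" name="edit-button" title="Edit" class="button button_edit" onclick="edit('{$id}');return false;">Edit</a><a href="{$delete_link}" id="delete-button-{$id}" name="delete-button" title="Delete" class="button button_delete" onclick="remove('{$id}');return false;">Delete</a>
ACTION;
    $actions = yourls_apply_filter('action_links', $actions, $keyword, $url, $ip, $clicks, $timestamp);

    $row = <<<ROW
<tr id="id-{$id}"><td id="keyword-{$id}" class="keyword"><a href="{$shorturl}">{$display_keyword}</a></td><td id="url-{$id}" class="url">{$display_link}</td><td id="timestamp-{$id}" class="timestamp">{$date}</td><td id="ip-{$id}" class="ip">{$display_ip}</td><td id="clicks-{$id}" class="clicks">{$clicks}</td><td class="actions" id="actions-{$id}">{$actions}<input type="hidden" id="keyword_{$id}" value="{$keyword}"/></td></tr>
ROW;
    $row = yourls_apply_filter('table_add_row', $row, $keyword, $url, $title, $ip, $clicks, $timestamp);

    return $row;
}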
// Stats page bootstrap: load YOURLS, require authentication where configured, then resolve
// the keyword whose statistics are to be shown.
require_once dirname(__FILE__) . '/includes/load-yourls.php';
require_once YOURLS_INC . '/functions-infos.php';
yourls_maybe_require_auth();

// Variables should be defined in yourls-loader.php, if not try GET request (old behavior of yourls-infos.php)
if (!isset($keyword) && isset($_GET['id'])) {
    // Raw request value; it is sanitized below before any lookup uses it.
    $keyword = $_GET['id'];
}
if (!isset($aggregate) && isset($_GET['all']) && $_GET['all'] == 1 && yourls_allow_duplicate_longurls()) {
    $aggregate = true;
}
if (!isset($keyword)) {
    yourls_do_action('infos_no_keyword');
    // NOTE(review): nothing here stops execution after the redirect; presumably
    // yourls_redirect() terminates the request - confirm.
    yourls_redirect(YOURLS_SITE, 302);
}

// Get basic infos for this shortened URL
$keyword = yourls_sanitize_string($keyword);
$longurl = yourls_get_keyword_longurl($keyword);
$clicks = yourls_get_keyword_clicks($keyword);
$timestamp = yourls_get_keyword_timestamp($keyword);
$title = yourls_get_keyword_title($keyword);

// Update title if it hasn't been stored yet
// NOTE(review): this runs before the "$longurl === false" check below, so an unknown keyword
// reaches yourls_get_remote_title() with false and yourls_edit_link_title() is still called.
if ($title == '') {
    $title = yourls_get_remote_title($longurl);
    yourls_edit_link_title($keyword, $title);
}
if ($longurl === false) {
    yourls_do_action('infos_keyword_not_found');
    yourls_redirect(YOURLS_SITE, 302);
}
yourls_do_action('pre_yourls_infos', $keyword);
if (yourls_do_log_redirect()) {
}

// Render the admin link table: head, optional footer with the current search/paging state,
// then one row per link returned by the main query.
yourls_do_action('admin_page_before_table');
yourls_table_head();

if (!$is_bookmark) {
    $params = array('search' => $search, 'search_text' => $search_text, 'search_in' => $search_in, 'sort_by' => $sort_by, 'sort_order' => $sort_order, 'page' => $page, 'perpage' => $perpage, 'click_filter' => $click_filter, 'click_limit' => $click_limit, 'total_pages' => $total_pages, 'date_filter' => $date_filter, 'date_first' => $date_first, 'date_second' => $date_second);
    yourls_html_tfooter($params);
}

yourls_table_tbody_start();

// Main Query
// NOTE(review): $where (also rewritable by any 'admin_list_where' filter), $sort_by, $sort_order,
// $offset and $perpage are interpolated into the statement as-is. They are assigned before this
// fragment; confirm that each is escaped, cast to int, or checked against an allow-list there,
// since backticks around $sort_by do not neutralise a value containing a backtick.
$where = yourls_apply_filter('admin_list_where', $where);
$url_results = $ydb->get_results("SELECT * FROM `{$table_url}` WHERE 1=1 {$where} ORDER BY `{$sort_by}` {$sort_order} LIMIT {$offset}, {$perpage};");
$found_rows = false;
if ($url_results) {
    $found_rows = true;
    foreach ($url_results as $url_result) {
        $keyword = yourls_sanitize_string($url_result->keyword);
        $timestamp = strtotime($url_result->timestamp);
        $url = stripslashes($url_result->url);
        // IP, title and clicks are passed on exactly as stored; HTML escaping is left to
        // yourls_table_add_row().
        $ip = $url_result->ip;
        $title = $url_result->title ? $url_result->title : '';
        $clicks = $url_result->clicks;
        echo yourls_table_add_row($keyword, $url, $title, $ip, $clicks, $timestamp);
    }
}

// The "No URL" placeholder row is always emitted and hidden when at least one row was found.
$display = $found_rows ? 'display:none' : '';
echo '<tr id="nourl_found" style="' . $display . '"><td colspan="6">' . yourls__('No URL') . '</td></tr>';
yourls_table_tbody_end();
yourls_table_end();
yourls_do_action('admin_page_after_table');
if ($is_bookmark) {
    yourls_share_box($url, $return['shorturl'], $title, $text);
/**
 * Alias of yourls_sanitize_string(), kept because the name is easy to get wrong.
 *
 * @param string $keyword Short URL keyword to sanitize
 * @return string Whatever yourls_sanitize_string() returns for $keyword
 */
function yourls_sanitize_keyword($keyword)
{
    $sanitized = yourls_sanitize_string($keyword);

    return $sanitized;
}
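/**
 * Return an "Add" row for the main table
 *
 * Builds the action buttons and the row cells as arrays, lets plugins filter both, then
 * renders each cell by replacing every %name% in its 'template' with the matching value.
 *
 * @param string $keyword   Short URL keyword
 * @param string $url       Long URL
 * @param string $title     Link title; the long URL is used when empty
 * @param string $ip        IP address stored with the link
 * @param int    $clicks    Click count
 * @param int    $timestamp Unix timestamp of creation
 * @return string HTML of the table row, after the 'table_add_row' filter
 */
function yourls_table_add_row($keyword, $url, $title = '', $ip, $clicks, $timestamp)
{
    $keyword = yourls_sanitize_string($keyword);
    $id = yourls_string2htmlid($keyword); // used as HTML #id
    $shorturl = yourls_link($keyword);

    $statlink = yourls_statlink($keyword);

    // Nonce-protected AJAX endpoints for the Delete and Edit buttons.
    $delete_link = yourls_nonce_url('delete-link_' . $id, yourls_add_query_arg(array('id' => $id, 'action' => 'delete', 'keyword' => $keyword), yourls_admin_url('admin-ajax.php')));
    $edit_link = yourls_nonce_url('edit-link_' . $id, yourls_add_query_arg(array('id' => $id, 'action' => 'edit', 'keyword' => $keyword), yourls_admin_url('admin-ajax.php')));

    // Action link buttons: the array
    $actions = array(
        'stats' => array('href' => $statlink, 'id' => "statlink-{$id}", 'title' => yourls_esc_attr__('Stats'), 'anchor' => yourls__('Stats')),
        'share' => array('href' => '', 'id' => "share-button-{$id}", 'title' => yourls_esc_attr__('Share'), 'anchor' => yourls__('Share'), 'onclick' => "toggle_share('{$id}');return false;"),
        'edit' => array('href' => $edit_link, 'id' => "edit-button-{$id}", 'title' => yourls_esc_attr__('Edit'), 'anchor' => yourls__('Edit'), 'onclick' => "edit_link_display('{$id}');return false;"),
        'delete' => array('href' => $delete_link, 'id' => "delete-button-{$id}", 'title' => yourls_esc_attr__('Delete'), 'anchor' => yourls__('Delete'), 'onclick' => "remove_link('{$id}');return false;")
    );
    $actions = yourls_apply_filter('table_add_row_action_array', $actions);

    // Action link buttons: the HTML
    // Values are written as supplied: entries added through the filter above must arrive
    // already escaped for their attribute.
    $action_links = '';
    foreach ($actions as $key => $action) {
        $onclick = isset($action['onclick']) ? 'onclick="' . $action['onclick'] . '"' : '';
        $action_links .= sprintf('<a href="%s" id="%s" title="%s" class="%s" %s>%s</a>', $action['href'], $action['id'], $action['title'], 'button button_' . $key, $onclick, $action['anchor']);
    }
    $action_links = yourls_apply_filter('action_links', $action_links, $keyword, $url, $ip, $clicks, $timestamp);

    if (!$title) {
        $title = $url;
    }

    // Flag links whose scheme is neither http nor https; strict comparison so that only an
    // exact string match counts as a common protocol.
    $protocol_warning = '';
    if (!in_array(yourls_get_protocol($url), array('http://', 'https://'), true)) {
        // The translated label lands inside a title attribute, hence the attribute-escaping variant.
        $protocol_warning = yourls_apply_filter('add_row_protocol_warning', '<span class="warning" title="' . yourls_esc_attr__('Not a common link') . '">★</span>');
    }

    // Row cells: the array
    $cells = array(
        'keyword' => array('template' => '<a href="%shorturl%">%keyword_html%</a>', 'shorturl' => yourls_esc_url($shorturl), 'keyword_html' => yourls_esc_html($keyword)),
        'url' => array('template' => '<a href="%long_url%" title="%title_attr%">%title_html%</a><br/><small>%warning%<a href="%long_url%">%long_url_html%</a></small>', 'long_url' => yourls_esc_url($url), 'title_attr' => yourls_esc_attr($title), 'title_html' => yourls_esc_html(yourls_trim_long_string($title)), 'long_url_html' => yourls_esc_html(yourls_trim_long_string($url)), 'warning' => $protocol_warning),
        'timestamp' => array('template' => '%date%', 'date' => date('M d, Y H:i', $timestamp + YOURLS_HOURS_OFFSET * 3600)),
        // Stored IP is escaped like every other stored value in this row.
        'ip' => array('template' => '%ip%', 'ip' => yourls_esc_html($ip)),
        'clicks' => array('template' => '%clicks%', 'clicks' => yourls_number_format_i18n($clicks, 0, '', '')),
        'actions' => array('template' => '%actions% <input type="hidden" id="keyword_%id%" value="%keyword%"/>', 'actions' => $action_links, 'id' => $id, 'keyword' => $keyword)
    );
    $cells = yourls_apply_filter('table_add_row_cell_array', $cells, $keyword, $url, $title, $ip, $clicks, $timestamp);

    // Row cells: the HTML. Replace every %stuff% in 'template' with 'stuff' value.
    $row = "<tr id=\"id-{$id}\">";
    foreach ($cells as $cell_id => $elements) {
        $callback = new yourls_table_add_row_callback($elements);
        $row .= sprintf('<td class="%s" id="%s">', $cell_id, $cell_id . '-' . $id);
        $row .= preg_replace_callback('/%([^%]+)?%/', array($callback, 'callback'), $elements['template']);
        // For the record, in PHP 5.3+ we don't need to introduce a class in order to pass additional parameters
        // to the callback function. Instead, we would have used the 'use' keyword :
        // $row .= preg_replace_callback( '/%([^%]+)?%/', function( $match ) use ( $elements ) { return $elements[ $match[1] ]; }, $elements['template'] );
        $row .= '</td>';
    }
    $row .= "</tr>";
    $row = yourls_apply_filter('table_add_row', $row, $keyword, $url, $title, $ip, $clicks, $timestamp);

    return $row;
}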
/**
 * Expand short url to long url
 *
 * @param string $shorturl Full short URL or bare keyword
 * @return mixed API result array (success with statusCode 200, or error with errorCode 404),
 *               passed through the 'api_expand' filter
 */
function yourls_api_expand($shorturl)
{
    // accept either 'http://ozh.in/abc' or 'abc'
    $stripped = str_replace(YOURLS_SITE . '/', '', $shorturl);
    $keyword = yourls_sanitize_string($stripped);

    $longurl = yourls_get_keyword_longurl($keyword);

    // Start from the "not found" answer and replace it when a long URL exists.
    $return = array(
        'keyword' => $keyword,
        'simple' => 'not found',
        'message' => 'Error: short URL not found',
        'errorCode' => 404
    );
    if ($longurl) {
        $return = array(
            'keyword' => $keyword,
            'shorturl' => YOURLS_SITE . '/' . $keyword,
            'longurl' => $longurl,
            'simple' => $longurl,
            'message' => 'success',
            'statusCode' => 200
        );
    }

    return yourls_apply_filter('api_expand', $return, $shorturl);
}
/**
 * Log a redirect (for stats)
 *
 * The keyword is not checked for existence here, which saves a query: callers must make
 * sure it exists first. Every value written into the INSERT goes through yourls_escape().
 *
 * @since 1.4
 * @param string $keyword short URL keyword
 * @return mixed Result of the INSERT query (1 on success)
 */
function yourls_log_redirect($keyword)
{
    global $ydb;

    // Allow plugins to short-circuit the whole function
    $shunt = yourls_apply_filter('shunt_log_redirect', false, $keyword);
    if ($shunt !== false) {
        return $shunt;
    }

    // Logging disabled: report success without touching the database.
    if (!yourls_do_log_redirect()) {
        return true;
    }

    $table = YOURLS_DB_TABLE_LOG;
    $keyword = yourls_escape(yourls_sanitize_string($keyword));

    // A missing Referer header is recorded as the literal 'direct'.
    if (isset($_SERVER['HTTP_REFERER'])) {
        $referrer = yourls_escape(yourls_sanitize_url($_SERVER['HTTP_REFERER']));
    } else {
        $referrer = 'direct';
    }

    $ua = yourls_escape(yourls_get_user_agent());
    $ip = yourls_escape(yourls_get_IP());
    $location = yourls_escape(yourls_geo_ip_to_countrycode($ip));

    $result = $ydb->query("INSERT INTO `{$table}` (click_time, shorturl, referrer, user_agent, ip_address, country_code) VALUES (NOW(), '{$keyword}', '{$referrer}', '{$ua}', '{$ip}', '{$location}')");

    return $result;
}
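/**
 * Gate YOURLS API calls for the multi-user plugin.
 *
 * Returns (letting the API call continue) when the caller is the YOURLS admin, when the
 * action is "expand", or when the per-action check passes. In every other case an error
 * or stats answer is sent through yourls_api_output() and the request ends.
 *
 * @param array $args Hook arguments; $args[0] is the requested API action
 * @return void
 */
function trapApi($args)
{
    // Only a string can name an action; anything else ends in the 400 answer below instead
    // of being loosely compared against the allowed action names.
    $action = (isset($args[0]) && is_string($args[0])) ? $args[0] : '';

    $admin = yourls_is_valid_user(); // Uses this name but REFERS to ADMIN!
    if ($admin === true || $action === 'expand') {
        return;
    }

    // NOTE(review): this constant is spelled MULTUSER while the one used below is MULTIUSER.
    // Confirm which name the plugin configuration defines; an undefined constant here never
    // equals false on PHP 7 and is a fatal error on PHP 8.
    if (YOURLS_MULTUSER_PROTECTED === false && in_array($action, array('stats', 'db-stats', 'url-stats'), true)) {
        return;
    }

    switch ($action) {
        case 'shorturl':
            if (YOURLS_MULTIUSER_ANONYMOUS === true) {
                return;
            }
            if (trapApiUserFromRequest()) {
                return;
            }
            $return = array('simple' => 'You can\'t be anonymous', 'message' => 'You can\'t be anonymous', 'errorCode' => 403);
            break;

        // Stats for a shorturl
        case 'url-stats':
            $user = trapApiUserFromRequest();
            $shorturl = (isset($_REQUEST['shorturl']) && is_string($_REQUEST['shorturl'])) ? $_REQUEST['shorturl'] : '';
            // The ownership check needs the keyword of the requested short URL. It was
            // previously read from a variable that is never assigned in this function, so the
            // check ran on null. Accept either the full short URL or the bare keyword.
            $keyword = yourls_sanitize_string(str_replace(YOURLS_SITE . '/', '', $shorturl));
            if ($user && verifyUrlOwner($keyword, $user)) {
                $return = yourls_api_url_stats($shorturl);
            } else {
                // Same answer for "no such user" and "not the owner", so the response does not
                // reveal which of the two failed.
                $return = array('simple' => 'Invalid username or password', 'message' => 'Invalid username or password', 'errorCode' => 403);
            }
            break;

        default:
            $return = array('errorCode' => 400, 'message' => 'Unknown or missing or forbidden "action" parameter', 'simple' => 'Unknown or missing or forbidden "action" parameter');
    }

    $format = isset($_REQUEST['format']) ? $_REQUEST['format'] : 'xml';
    yourls_api_output($format, $return);
    die;
}

/**
 * Resolve the calling user from the request token, then from the session token.
 *
 * The session is consulted only when it actually holds a token, so an anonymous request
 * never reaches getUserIdByToken() with a null value.
 *
 * @return mixed User id as returned by getUserIdByToken(), or false when no token resolves
 */
function trapApiUserFromRequest()
{
    $token = isset($_REQUEST['token']) ? yourls_sanitize_string($_REQUEST['token']) : '';
    $user = getUserIdByToken($token);

    if (!$user && isset($_SESSION['user']['token'])) {
        $user = getUserIdByToken($_SESSION['user']['token']);
    }

    return $user ? $user : false;
}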
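/**
 * Log a redirect (for stats).
 *
 * Writes one row to the log table with the keyword, referrer, user agent, IP address and
 * country code of the current request. Does nothing (and returns true) when redirect
 * logging is disabled.
 *
 * @param string $keyword short URL keyword
 * @return mixed true when logging is disabled, otherwise the result of the INSERT query
 */
function yourls_log_redirect($keyword)
{
    if (!yourls_do_log_redirect()) {
        return true;
    }

    global $ydb;
    $table = YOURLS_DB_TABLE_LOG;

    // Referrer and user agent are request headers, and the other values are derived from the
    // request too: each one is escaped before it is placed inside a quoted SQL literal.
    // NOTE(review): yourls_escape() is the YOURLS core escaping helper - confirm it exists in
    // this YOURLS release and that none of the helpers below already returns an escaped value.
    $keyword = yourls_escape(yourls_sanitize_string($keyword));
    $referrer = isset($_SERVER['HTTP_REFERER']) ? yourls_escape(yourls_sanitize_url($_SERVER['HTTP_REFERER'])) : 'direct';
    $ua = yourls_escape(yourls_get_user_agent());

    // The country lookup gets the IP as detected; only the values going into SQL are escaped.
    $raw_ip = yourls_get_IP();
    $ip = yourls_escape($raw_ip);
    $location = yourls_escape(yourls_geo_ip_to_countrycode($raw_ip));

    return $ydb->query("INSERT INTO `{$table}` VALUES ('', NOW(), '{$keyword}', '{$referrer}', '{$ua}', '{$ip}', '{$location}')");
}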
<?php
// TODO: make things cleaner. This file is an awful HTML/PHP soup.

// Require Files
require_once dirname(__FILE__) . '/includes/load-yourls.php';
require_once dirname(__FILE__) . '/includes/functions-infos.php';
yourls_maybe_require_auth();

// Without an "id" parameter there is nothing to show: send the visitor to the site root.
// NOTE(review): nothing here stops execution after the redirect; presumably yourls_redirect()
// terminates the request - confirm, because $_GET['id'] is read unconditionally below.
if (!isset($_GET['id'])) {
    yourls_redirect(YOURLS_SITE, 307);
}

// Aggregate mode (stats for every keyword pointing to the same long URL) needs both the
// "all=1" parameter and duplicate long URLs being allowed.
$aggregate = false;
if (isset($_GET['all']) && $_GET['all'] == 1 && yourls_allow_duplicate_longurls()) {
    $aggregate = true;
}

// Get basic infos for this shortened URL
$keyword = yourls_sanitize_string($_GET['id']);
$longurl = yourls_get_keyword_longurl($keyword);
$clicks = yourls_get_keyword_clicks($keyword);
$timestamp = yourls_get_keyword_timestamp($keyword);
if ($longurl === false) {
    yourls_redirect(YOURLS_SITE, 307);
}

if (yourls_do_log_redirect()) {
    // Duplicate keywords, if applicable
    $keyword_list = yourls_get_duplicate_keywords($longurl);

    // Fetch all information from the table log
    $table = YOURLS_DB_TABLE_LOG;
    if ($aggregate) {
        // NOTE(review): the keywords are joined and placed inside quoted literals of the IN (...)
        // list with no escaping visible here; this relies on yourls_get_duplicate_keywords()
        // returning only sanitized keywords - confirm, or escape each entry before joining.
        $keywords = join("', '", $keyword_list);
        // Fetch information for all keywords pointing to $longurl
        $hits = $ydb->get_results("SELECT `shorturl`, `click_time`, `referrer`, `user_agent`, `country_code` FROM `{$table}` WHERE `shorturl` IN ( '{$keywords}' );");
/**
 * Action: yourls_ajax_laemmi_edit_ldapgroup_save
 *
 * AJAX handler: sanitizes the requested keyword, checks the request nonce against the
 * action name derived from that keyword, re-runs action_insert_link() for the keyword
 * and prints a JSON success answer.
 *
 * NOTE(review): the success answer is printed unconditionally after the nonce call, so this
 * depends on yourls_verify_nonce() ending the request itself when the nonce is wrong - confirm.
 */
public function action_yourls_ajax_laemmi_edit_ldapgroup_save()
{
    $shortKeyword = yourls_sanitize_string($this->getRequest('keyword'));
    $requestNonce = $this->getRequest('nonce');

    // The nonce action is bound to the HTML id form of the keyword.
    $nonceAction = 'laemmi_edit_ldapgroup_save_' . yourls_string2htmlid($shortKeyword);
    yourls_verify_nonce($nonceAction, $requestNonce, false, 'omg error');

    // Only the keyword slot (third entry) is filled in.
    $this->action_insert_link(['', '', $shortKeyword, '', '', '']);

    echo json_encode([
        'status' => 'success',
        'message' => yourls__('Link updated in database', self::APP_NAMESPACE),
    ]);
}