Service Should Not Work From Address Bar

sharma-pankaj-tech / phurl

Automatically exported from code.google.com/p/phurl

0 stars 0 forks source link

Service Should Not Work From Address Bar #30

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

This url shortening service should not be allowed from the address bar 
because of possible exploits that could/may be found and used against the 
person running the script. one way of checking is to use a referral check 
to make sure that the "GET" came from the domain that the person is 
attempting to use..

IE http://demourl.com/index.php?url=http://exploit.address.com/fail/&alias=

Original issue reported on code.google.com by Tec...@gmail.com on 27 Sep 2009 at 2:31

GoogleCodeExporter commented 9 years ago

Big percent of url shortening services allow and use GET method (like TinyURL, 
etc).
So I've decided the same style. So it's easier to make JavaScript widgets, 
services, etc.

Original comment by hdo...@gmail.com on 27 Sep 2009 at 11:35

Changed state: WontFix
Added labels: ****
Removed labels: ****