urls / url-shortener-php

Web application that will help you in shortening your url
http://urls.github.io/url-shortener
MIT License

Security issue : Max lengths are not verified #22

Open yvisherve opened 4 years ago

yvisherve commented 4 years ago

Hi.

If someone hosts this tool as a public service, it will be unsafe for them, given that the URL and the custom text lengths entered by the user are not verified.

According to the table's structure:

```php
// Excerpt of the project's form handler. Neither `custom` nor `url` is checked
// against the column limits of the `link` table before being used.
if (($_POST['onoffswitch'] == 'on') && (isset($_POST['custom']))) {
    $customCode = $_POST['custom']; // no length or character check (column is varchar(20))

    if (!$urlShortener->checkUrlExistInDatabase($customCode)) {
        $insertCustom = true;
    } else {
        $errors            = true;
        $_SESSION['error'] = 'The custom URL <a href="' . BASE_URL . $_POST['custom'] . '">' . BASE_URL . $_POST['custom'] . "</a> already exists";
    }
}

if (isset($_POST['url']) && !$errors) {
    $orignalURL = $_POST['url']; // no length check (column is varchar(1000))

    if (!$insertCustom) {
        if ($uniqueCode = $urlShortener->validateUrlAndReturnCode($orignalURL)) {
            $_SESSION['success'] = $urlShortener->generateLinkForShortURL($uniqueCode);
        } else {
            $_SESSION['error'] = "There was a problem. Invalid URL, perhaps?";
        }
    } else {
        if ($urlShortener->returnCustomCode($orignalURL, $customCode)) {
            $_SESSION['success'] = $urlShortener->generateLinkForShortURL($customCode);
        } else {
            header("Location: ../index.php?error=inurl");
            die();
        }
    }
}
```

```sql
CREATE TABLE IF NOT EXISTS `link` (
  `id` int(11) NOT NULL,
  `url` varchar(1000) DEFAULT NULL,
  `code` varchar(20) DEFAULT NULL,
  `created` timestamp NULL DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
```

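The check the issue asks for, as an added example that is not part of the project's code or of this report: a validation function that enforces the `varchar(1000)` and `varchar(20)` limits from the schema above before any value reaches `checkUrlExistInDatabase` or the insert. The function name `validateShortenerInput`, the constants and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added example (not the project's code): enforce the column limits of the
// `link` table on the raw form fields before they are used anywhere.
// The limits mirror the schema quoted above: url varchar(1000), code varchar(20).
const MAX_URL_LENGTH  = 1000;
const MAX_CODE_LENGTH = 20;

/**
 * Validate the POST fields of the shortener form.
 * Returns a list of error messages; an empty list means the input is acceptable.
 */
function validateShortenerInput(array $post): array
{
    $errors = [];

    $url = isset($post['url']) ? trim((string) $post['url']) : '';
    // strlen counts bytes, which is the conservative choice for a latin1 column
    // and does not depend on the connection character set.
    if ($url === '') {
        $errors[] = 'URL is required.';
    } elseif (strlen($url) > MAX_URL_LENGTH) {
        $errors[] = sprintf('URL exceeds %d bytes.', MAX_URL_LENGTH);
    } elseif (filter_var($url, FILTER_VALIDATE_URL) === false
        || !in_array(strtolower((string) parse_url($url, PHP_URL_SCHEME)), ['http', 'https'], true)) {
        $errors[] = 'URL must be an absolute http(s) URL.';
    }

    if (($post['onoffswitch'] ?? '') === 'on') {
        $code = isset($post['custom']) ? (string) $post['custom'] : '';
        if ($code === '') {
            $errors[] = 'Custom code is required when the switch is on.';
        } elseif (strlen($code) > MAX_CODE_LENGTH) {
            $errors[] = sprintf('Custom code exceeds %d characters.', MAX_CODE_LENGTH);
        } elseif (!preg_match('/^[A-Za-z0-9_-]+$/', $code)) {
            // A fixed alphabet also keeps the code safe to echo into the
            // success/error HTML and into the redirect target.
            $errors[] = 'Custom code may only contain letters, digits, "-" and "_".';
        }
    }

    return $errors;
}

// Constructed sample inputs (not real user data) that exercise each limit.
$samples = [
    'ok'        => ['url' => 'https://example.com/page', 'onoffswitch' => 'on', 'custom' => 'my-link'],
    'long-url'  => ['url' => 'https://example.com/' . str_repeat('a', 1000)],
    'long-code' => ['url' => 'https://example.com/', 'onoffswitch' => 'on', 'custom' => str_repeat('x', 21)],
    'bad-code'  => ['url' => 'https://example.com/', 'onoffswitch' => 'on', 'custom' => '../index.php'],
];

foreach ($samples as $name => $post) {
    $errors = validateShortenerInput($post);
    printf("%-9s %s\n", $name, $errors ? implode(' ', $errors) : 'accepted');
}
```

Checking lengths in the application rather than relying on the database matters because MySQL's behaviour depends on the SQL mode: in strict mode an over-long value makes the INSERT fail with a "Data too long" error, while in non-strict mode the value is silently truncated, so a 1000+ byte URL would be stored as a different URL than the one submitted, and a custom code longer than 20 characters would be cut down to one that may collide with an existing entry. The call to `validateShortenerInput` belongs before `checkUrlExistInDatabase`, so that the existence check and the insert both see the same, already-validated value.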
amarlearning commented 4 years ago

@yvisherve good find. go ahead and implement it.

amarlearning commented 4 years ago

@yvisherve opening issue since it is yet to be implemented.