
Compare strings in a case-sensitive manner

commit 3b125a2f1a4c083d317e107f9c244441bea83274 1 parent ec7ac6e
@alanhogan authored
38 -/index.php
@@ -27,7 +27,7 @@
REQUIRE 'db.php';
REQUIRE 'stats.php';
-define('BCURLS_VERSION', '2.0.0');
+define('BCURLS_VERSION', '2.0.1');
define('BCURLS_DOMAIN', preg_replace('#^www\.#', '', $_SERVER['SERVER_NAME']));
define('BCURLS_URL', str_replace('-/index.php', '', 'http://'.BCURLS_DOMAIN.$_SERVER['PHP_SELF']));
@@ -192,7 +192,7 @@ function bc_log($message){
// Is there already a row in the DB going to this same URL?
$checksum = (int) sprintf('%u', crc32($url));
- $result = $db->prepare("SELECT id, custom_url, redir_type FROM {$prefix}urls WHERE checksum=? AND url=? AND redir_type <> 'gone' ORDER BY redir_type DESC LIMIT 1"); //sort so custom is before auto.
+ $result = $db->prepare("SELECT id, custom_url, redir_type FROM {$prefix}urls WHERE checksum=? AND BINARY url = BINARY ? AND redir_type <> 'gone' ORDER BY redir_type DESC LIMIT 1"); //sort so custom is before auto.
$result->bindValue(1, (int)$checksum);
$result->bindValue(2, $url);
if ( ! $result->execute())
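Review bot: Every rewritten query puts `BINARY` on the column side (`BINARY url = BINARY ?` in this hunk, `BINARY custom_url = BINARY :slug` in the later hunks of this file, in `-/migrations/004_onlyexplicitslugs.php` and in the root `index.php` lookup), and a cast on the column generally keeps MySQL from using an index on it, so each slug check and each redirect may turn into a table scan. Declaring `url` and `custom_url` with a binary collation such as `utf8_bin` gives the same case-sensitive match with the original `custom_url = :slug` text; casting only the parameter (`custom_url = BINARY :slug`) is the usual lighter alternative. The `BINARY` operator is also MySQL-specific, and the README still describes support for other database types, so these statements presumably need a per-driver branch or the schema-level fix. If the column carries a unique index under a case-insensitive collation (the schema is not visible here), the database will still reject `abc` when `Abc` exists even though the pre-check now reports it free.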
@@ -215,7 +215,7 @@ function bc_log($message){
{ // user wants to assign a custom short URL
$custom_url = trim($_GET['custom_url']);
// check if the slug is already in use
- $stmt = $db->prepare("SELECT * FROM {$prefix}urls WHERE custom_url = ?");
+ $stmt = $db->prepare("SELECT * FROM {$prefix}urls WHERE BINARY custom_url = BINARY ?");
$stmt->bindValue(1, $custom_url);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
@@ -261,7 +261,7 @@ function bc_log($message){
{
// User added a new custom short URL even though that URL is already in the DB
// Update old redirections so they are no more than aliases of the new one ;)
- $update_to_alias_sql = "UPDATE {$prefix}urls SET redir_type = 'alias', url = :slug, checksum = :newchecksum WHERE checksum = :checksum AND url = :url AND (redir_type = 'custom' OR redir_type = 'auto') AND custom_url <> :slug";
+ $update_to_alias_sql = "UPDATE {$prefix}urls SET redir_type = 'alias', url = :slug, checksum = :newchecksum WHERE checksum = :checksum AND url = :url AND (redir_type = 'custom' OR redir_type = 'auto') AND BINARY custom_url <> BINARY :slug";
$updt_a = $db->prepare($update_to_alias_sql);
$updt_a->execute(array(
'checksum' => $checksum,
@@ -328,7 +328,7 @@ function bc_log($message){
$slug = BaseIntEncoder::encode($counter, $glyphs, $base);
// Check if slug is free
- $stmt = $db->prepare("SELECT custom_url, redir_type FROM {$prefix}urls WHERE custom_url = :slug");
+ $stmt = $db->prepare("SELECT custom_url, redir_type FROM {$prefix}urls WHERE BINARY custom_url = BINARY :slug");
$stmt->execute(array('slug'=>$slug));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if( ! $row ) //okay to insert
@@ -355,7 +355,7 @@ function bc_log($message){
// Binary Search
- if(LOG_MODE) bc_log("Before binary search: low: $low; high: $high; counter: $counter");
+ if(LOG_MODE) bc_log("Before binary search: low: $low; high: $high; slug: $slug");
// Note: Low is always "known bad" and high is always "known good"
$high = (string)$high;
$low = (string)$low;
@@ -365,13 +365,13 @@ function bc_log($message){
{
$counter = $high;
$slug = BaseIntEncoder::encode($counter, $glyphs, $base);
- if(LOG_MODE) bc_log('Binary search decided to use '.$counter." because high == low+1");
+ if(LOG_MODE) bc_log('Binary search decided to use '.$slug.' (counter '.$counter.") because high == low+1");
break;
}
$counter = bcadd($low, bcmul(bcsub($high, $low), '0.5', 0)); // at least +1
$slug = BaseIntEncoder::encode($counter, $glyphs, $base);
- $stmt = $db->prepare("SELECT custom_url, redir_type FROM {$prefix}urls WHERE custom_url = :slug");
+ $stmt = $db->prepare("SELECT custom_url, redir_type FROM {$prefix}urls WHERE BINARY custom_url = BINARY :slug");
$stmt->execute(array('slug'=>$slug));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if( ! $row ) // empty spot in the DB!
@@ -390,6 +390,7 @@ function bc_log($message){
$total_attempts_remaining += 50;
+ $validated = true;
// (Carefully, loopingly) Insert!
while ($slug !== false){
// Never just try forever
@@ -400,6 +401,18 @@ function bc_log($message){
exit;
}
+ if( ! $validated){
+ $stmt = $db->prepare("SELECT custom_url, redir_type FROM {$prefix}urls WHERE BINARY custom_url = BINARY :slug");
+ $stmt->execute(array('slug'=>$slug));
+ $row = $stmt->fetch(PDO::FETCH_ASSOC);
+ if($row)
+ {
+ $counter = bcadd($counter, '1');
+ $slug = BaseIntEncoder::encode($counter, $glyphs, $base);
+ continue;
+ }
+ }
+
if(USE_BANNED_WORD_LIST){
$banned_pos = bcurls_find_banned_word($slug);
if($banned_pos !== FALSE) {
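Review bot: The re-check added under `if( ! $validated)` ignores the result of `$stmt->execute()`, so if the query fails `fetch()` yields no row and the slug is treated as free, unlike the URL lookup earlier in this file, which tests `if ( ! $result->execute())`. Unless PDO is configured to throw (not visible here), guard it the same way, e.g. `if ( ! $stmt->execute()) { bc_log('Slug re-check failed for '.$slug); exit; }`. This is also the third copy of the same SELECT in the file and it is re-prepared on every pass; preparing it once before the `while` loop, with a short comment that the lookup is only a pre-check and the insert result remains the authority, would make the loop easier to follow. The enclosing `while` loop starts and ends outside this hunk.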
@@ -419,11 +432,12 @@ function bc_log($message){
if(LOG_MODE) bc_log('Counter += '.$diff.
' for banned word, is now '.$counter.' - slug '.$slug);
} else {
- $counter++;
+ $counter = bcadd($counter, '1');
if(LOG_MODE) bc_log('Counter++ for banned word, is now '
.$counter.' - slug '.$slug);
}
$slug = BaseIntEncoder::encode($counter, $glyphs, $base);
+ $validated = false;
continue;
}
}
@@ -440,11 +454,12 @@ function bc_log($message){
if(LOG_MODE) bc_log('Counter += '.$diff.
' for homoglyphs, is now '.$counter.' - slug '.$slug);
} else {
- $counter++;
+ $counter = bcadd($counter, '1');
if(LOG_MODE) bc_log('Counter++ for homoglyphs, is now '.$counter
.' - slug '.$slug);
}
$slug = BaseIntEncoder::encode($counter, $glyphs, $base);
+ $validated = false;
continue;
}
}
@@ -454,8 +469,9 @@ function bc_log($message){
$insert_result = bcurls_insert_url ($url, $checksum, $slug, $redir_type);
if($insert_result !== true) {
bc_log('Insertion result (not true)'.(string)$insert_result);
- $counter++;
+ $counter = bcadd($counter, '1');
$slug = BaseIntEncoder::encode($counter, $glyphs, $base);
+ $validated = false;
continue;
}
} catch(Exception $e){
4 -/migrations/004_onlyexplicitslugs.php
@@ -25,8 +25,8 @@ function up()
.'AND id > :min_id '
.'ORDER BY id '
.'LIMIT '.$batch;
- $check_sql = 'SELECT * FROM '.DB_PREFIX.'urls WHERE custom_url = :custom_url';
- $explicit_sql = 'UPDATE '.DB_PREFIX.'urls SET custom_url=:custom_url WHERE id=:id LIMIT 1';
+ $check_sql = 'SELECT * FROM '.DB_PREFIX.'urls WHERE BINARY custom_url = BINARY :custom_url';
+ $explicit_sql = 'UPDATE '.DB_PREFIX.'urls SET custom_url = :custom_url WHERE id=:id LIMIT 1';
// --- STEP ONE ---
// Add column to keep track of what kind of migration it is
3  CHANGES.txt
@@ -1,3 +1,6 @@
+2.0.1
+- Case sensitivity in MySQL
+
2.0 (Lessn More fork)
- Protected against SQL injection attacks
- Support for aliases - set the 'url' field in a database row to be the token you want to want to alias to, and the 'redir_type' to 'alias'
32 README.md
@@ -1,12 +1,12 @@
-Lessn More 2.0.0
+Lessn More 2.0.1
===============
Homepage: <http://lessnmore.net>
Source/Fork: <http://github.com/alanhogan/lessmore>
-Lessn More is a personal url shortener.
+Lessn More is a personal URL shortener.
-Features:
+### Features
* The ability to use custom short URLs (slugs), unlike Lessn
* A bookmarklet that even supports custom short URLs
@@ -17,7 +17,7 @@ Features:
* Support for more shortened URLs than Lessn
* The ability to add multiple slugs that point to the same long URL, unlike Lessn
-Attention to detail:
+#### Attention to detail
* Adding a new slug for a URL already in the database will become the "canonical"
short URL, and will be returned if you ask Lessn More (either by API or not)
@@ -32,16 +32,23 @@ Attention to detail:
on the order of O(1) (constant time).)
* Compliant with [URL shortener best practices and standards][bestp]
whenever possible
+* An easy migration script will upgrade your database
+ from an existing Lessn migration.
-An easy migration script will upgrade your database
-from an existing Lessn migration.
+#### Caveats
+* This shortener is not appropriate when there is a good chance that two or more URLs
+ will be shrunk at the same time. (Simultaneous reads are, of course, fine.)
+* Lessn More 2.0 is a new release and has not been fully tested on databases
+ other than MySQL. YMMV. Please [report any issues][issues].
[markdn]: http://bit.ly/mkdnsyntax "This document is written in Markdown."
[convert]: http://tinyurl.com/mkdnwmd "Markdown editor with instant HTML preview"
[bestp]: http://alanhogan.com/tips/rel-shortlink-for-short-urls "Everything you need to know about rel-shortlink and short URLs"
+[issues]: http://github.com/alanhogan/lessnmore/issues "Bugs & Issues on GitHub"
+
Requirements
-------------
@@ -57,17 +64,17 @@ History
### v1.0
Lessn was the original personal URL shortening service,
-written by Shaun Inman <http://shauninman.com/>. It required PHP, MySQL, and mod_rewrite.
+written by [Shaun Inman](http://shauninman.com/). It required PHP, MySQL, and mod_rewrite.
### v1.1
-Buttered URLs is a fork of Lessn by Jeremy Knope <http://github.com/jfro>.
+Buttered URLs is a Lessn [fork](http://github.com/jfro/butteredurls) by [Jeremy Knope](http://buttered-cat.com/).
Buttered URLs added logging, custom URLs, migration mechanism, and support for more database types.
### v2.0
-Lessn More is a fork of Buttered URLs by Alan Hogan <http://github.com/alanhogan>.
-Lessn More increased the robustness and flexibility of the insertion algorithm,
+Lessn More is a Buttered URLs [fork](http://github.com/alanhogan/lessnmore) by [Alan Hogan](http://alanhogan.com/).
+Lessn More increased the robustness of the insertion algorithm,
prevented slug conflicts, updated the bookmarklets, added multiple auto-shorten modes,
banned word lists, and enhanced security.
@@ -132,3 +139,8 @@ If you are upgrading from a previous version of Lessn or ButteredURLs:
1. Grab the new bookmarklets with custom short URL support!
**Congratulations.** You are running the latest version of Lessn More.
+
+Issues
+-------
+
+To report an issue or check known issues, visit [the Lessn More issue tracker on GitHub][issues].
2  index.php
@@ -24,7 +24,7 @@
{
// Look up slug
// TODO: Use PDO::prepare in "The other index.php"
- $stmt = $db->prepare('SELECT * FROM '.DB_PREFIX.'urls WHERE custom_url = :slug LIMIT 1');
+ $stmt = $db->prepare('SELECT * FROM '.DB_PREFIX.'urls WHERE BINARY custom_url = BINARY :slug LIMIT 1');
$stmt->execute(array('slug'=>$token));
$row = $stmt->fetch(PDO::FETCH_ASSOC);