
- "require" is a PHP language construct and thus should not use parenthesis.

- Every code path ends with a call to redirect(), no need to have this as a function (also fixes issue #3).
- Your usage of rtrim() on the slug is weird at best. I'm guessing that you want to filter these characters out. This version only allows characters and numbers.
- The redirect to Twitter uses the unescaped request URI. Tweets with an ID < 10m are rare enough to disregard (filters out false positives).
- Your database-related constants are named oddly. You're connecting to *MySQL* through the *MySQLi* interface. It's still the MySQL username.
- "SET NAMES" is deprecated in favor of the set_charset member function.
- You escape the $slug variable twice (thrice when there's a hit). It's not like that's going to make it any safer.
- You should never use backticks around field and table names in a MySQL query. It's a bit eeeuw.
- The hit-counter can perfectly be within the conditional code. No need to break functionality if we can't update.
- Always shut down the database connections you open. This also cleans up used query memory.
- Provide some fallbacks for proxies which filter out redirects;
 (1) a <meta> refresh to the designated URL
 (2) a JavaScript-based redirect, in try/catch for origin reasons.
 (3) a text-link for those that still fail.
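An added example, not code from the repository: the commit's slug whitelist and fallback page, with the destination escaped for each output context it lands in. DEFAULT_URL and TWITTER_USERNAME are stood in by placeholder values.

```php
<?php
// Added example, not code from the repository: the commit's slug whitelist and
// redirect fallbacks, with the destination escaped for each output context.

// Keep only letters and digits, as the commit's preg_replace does.
function sanitizeSlug(string $raw): string
{
    return preg_replace('/[^a-z0-9]/i', '', $raw);
}

// A tweet id is digits only; ctype_digit rejects forms such as "1e9" that
// is_numeric would accept.
function isTweetId(string $slug): bool
{
    return ctype_digit($slug) && strlen($slug) > 8;
}

// Render the fallback page. Attribute values are HTML-escaped; the JavaScript
// string is JSON-encoded with the HEX flags so a quote or "</script>" in the
// destination cannot end the string or the script element.
function renderFallback(string $destination): string
{
    $attr = htmlspecialchars($destination, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $js = json_encode($destination, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
                                   | JSON_HEX_QUOT | JSON_UNESCAPED_SLASHES);
    return "<!doctype html>\n<html lang=\"en\">\n<head>\n"
        . "<title>Redirecting…</title>\n"
        . "<meta http-equiv=\"refresh\" content=\"0; URL={$attr}\" />\n"
        . "<script>try { document.location.href = {$js}; } catch (ex) {}</script>\n"
        . "</head>\n<body>\n<a href=\"{$attr}\">Click here to continue…</a>\n"
        . "</body>\n</html>\n";
}

// Constructed sample: a request path carrying characters that would otherwise
// break out of the attribute and script contexts. The two constants are
// placeholders for the project's DEFAULT_URL and TWITTER_USERNAME.
$defaultUrl = 'https://example.invalid';
$twitterUsername = 'USERNAME';
$requestUri = '/x"><script>alert(1)</script>';
$slug = sanitizeSlug('abc-12!');            // becomes "abc12"
$destination = isTweetId($slug)
    ? 'http://twitter.com/' . $twitterUsername . '/status/' . $slug
    : $defaultUrl . $requestUri;

header('Location: ' . $destination, true, 301);
echo renderFallback($destination);
```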
commit 213a24a11e8a333e8f34dda9a4eebd83e149fd22 1 parent 38a75a9
@beverloo beverloo authored
Showing with 46 additions and 24 deletions.
  1. +46 −24 index.php
70 index.php
@@ -1,28 +1,50 @@
<?php
+require 'config.php';
-require('config.php');
-
-function redirect($url) {
- header('Location: ' . $url, null, 301);
- die();
-}
-
-if (isset($_GET['slug'])) {
- $slug = rtrim($_GET['slug'], '!"#$%&\'()*+,-./@:;<=>[\\]^_`{|}~');
- if (is_numeric($slug) && strlen($slug) > 3) {
- redirect('http://twitter.com/' . TWITTER_USERNAME . '/status' . $_SERVER['REQUEST_URI']);
- }
- $db = new mysqli(MYSQLI_HOST, MYSQLI_USER, MYSQLI_PASSWORD, MYSQLI_DATABASE);
- $db->query('SET NAMES "utf8"');
- $slug = $db->real_escape_string($slug);
- $result = $db->query('SELECT `url` FROM `redirect` WHERE `slug` = "' . $db->real_escape_string($slug) . '"');
- if ($result && $result->num_rows > 0 && $db->query('UPDATE `redirect` SET `hits` = `hits` + 1 WHERE `slug` = "' . $db->real_escape_string($slug) . '"')) {
- redirect($result->fetch_object()->url);
- } else {
- redirect(DEFAULT_URL . $_SERVER['REQUEST_URI']);
- }
-} else {
- redirect(DEFAULT_URL . '/');
+$redirectDestination = DEFAULT_URL . '/';
+if (isset ($_GET ['slug']))
+{
+ $slug = preg_replace ('/[^a-z0-9]/si', '', $_GET ['slug']);
+ if (is_numeric ($slug) && strlen ($slug) > 8)
+ {
+ $redirectDestination = 'http://twitter.com/' . TWITTER_USERNAME . '/status/' . $slug;
+ }
+ else
+ {
+ $database = new MySQLi (MYSQLI_HOST, MYSQLI_USER, MYSQLI_PASSWORD, MYSQLI_DATABASE);
+ $database -> set_charset ('utf8');
+
+ $escapedSlug = $database -> real_escape_string ($slug);
+ $redirectResult = $database -> query ('SELECT url FROM redirect WHERE slug="' . $escapedSlug . '"');
+
+ if ($redirectResult !== false && $redirectResult -> num_rows != 0)
+ {
+ $database -> query ('UPDATE redirect SET hits=hits+1 WHERE slug="' . $escapedSlug . '"');
+ $redirectDestination = $redirectResult -> fetch_object () -> url;
+ }
+ else
+ {
+ $redirectDestination = DEFAULT_URL . $_SERVER ['REQUEST_URI'];
+ }
+
+ $database -> close ();
+ }
}
-?>
+Header ('Location: ' . $redirectDestination, null, 301);
+?>
+<!doctype html>
+<html lang="en">
+ <head>
+ <title>Redirecting…</title>
+ <meta http-equiv="refresh" content="0; URL=<?php echo $redirectDestination; ?>" />
+ <script>
+ try {
+ document.location.href = "<?php echo $redirectDestination; ?>";
+ } catch (ex) {}
+ </script>
+ </head>
+ <body>
+ <a href="<?php echo $redirectDestination; ?>">Click here to continue…</a>
+ </body>
+</html>
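Review bot: `$redirectDestination` is echoed into three HTML contexts (the `<meta>` refresh attribute, the `<script>` string and the `<a href>`) without any escaping, and in the fallback branch it is `DEFAULT_URL . $_SERVER ['REQUEST_URI']`, so a request path containing `"` or `</script>` lands verbatim in the response body; the message above notes the old unescaped use of REQUEST_URI for the Twitter link, but this branch still carries it. Escape per context: `htmlspecialchars($redirectDestination, ENT_QUOTES, 'UTF-8')` for the two attributes and `json_encode($redirectDestination)` for the JavaScript string. Two smaller points: `is_numeric` accepts forms such as `1e9` that the `preg_replace` lets through, so `ctype_digit ($slug)` says "a tweet id" more exactly, and `Header (` should be written `header (` to match the casing used for every other call in the file.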