Skip to content
Permalink
Browse files

Updated ToS, various fixes

  • Loading branch information...
millinon committed Nov 30, 2016
1 parent 39928d2 commit c818f7fa52ed5c7a9be1bf532b23db96970be07a
Showing with 33 additions and 29 deletions.
  1. +1 −1 README.md
  2. +5 −3 bin/putText.hh
  3. +1 −2 robots.txt
  4. +12 −7 tos.txt
  5. +1 −2 www/error.hh
  6. +1 −1 www/include/api/api.hh
  7. +9 −5 www/include/helpers.hh
  8. +3 −1 www/main.hh
  9. +0 −7 www/result.hh
@@ -98,7 +98,7 @@ Once the key has been selected and the data uploaded, the user is presented with

### Link forwarding process

When a request is submitted to `go.hh`, the key is extracted as someURI in the URL: "https://jump.wtf/someURI" (where someURI matches the regular expression "^[A-Za-z0-9]{4}$").
When a request is submitted to `go.hh`, the key is extracted as someURI in the URL: "https://jump.wtf/someURI" (where someURI matches the regular expression "^[A-Za-z0-9]{2,}$").

They key is then queried as the primary index from the DynamoDB table. Since public file uploads are stored as a CDN-backed link, public files and links are handled in the same manner. If the link is to a private file, `go.hh` generates a signed URL to the file in the private S3 bucket, only valid for fifteen minutes. This is to prevent direct linking to the file in S3, which would make it impossible to track the number of clicks on a private link.

@@ -5,6 +5,8 @@ set_include_path(dirname(__FILE__).'/../www/include');
require ('api/api.hh');
require_once ('helpers.hh');
if (!isset($argv)) {
echo 'Run this from the command line';
exit(1);
@@ -75,8 +77,8 @@ if ($inuse) {
[
'DistributionId' => aws_config::CF_DIST_ID,
'InvalidationBatch' => [
'CallerReference' => 'jump.wtf-putfile-'.$key.'.'.rand(0, 8),
'Paths' => ['Quantity' => 1, 'Items' => ['/'.$key.$ext]],
'CallerReference' => 'jump.wtf-puttext-'.$key.'.'.rand(0, 8),
'Paths' => ['Quantity' => 1, 'Items' => ['/'.$key.'.*']],
],
],
);
@@ -89,7 +91,7 @@ if ($inuse) {
echo
json_encode(
['success' => true, 'url' => jump_config::base_url().$key],
['success' => true, 'url' => base_url().$key],
JSON_PRETTY_PRINT,
).
"\n"
@@ -1,3 +1,2 @@
User-agent: *
Disallow: /admin/
Disallow: /cgi-bin/
Disallow: /a
19 tos.txt
@@ -26,16 +26,21 @@ https://jump.wtf/a?action=jumpTo&jump-key=tos

2) Liability

JUMP.WTF does not host content that is submitted as a URL, but only
redirects to the long-form URL. Any files hosted by JUMP.WTF are submitted
by users.

You are solely responsible for any URLs or files that you choose to
submit, or choose to send to another person. If I receieve any complaint
regarding content hosted at a JUMP.WTF URL or as a file on JUMP.WTF, it may be
removed. By uploading a URL or file, you agree that you have the rights to do
so. Attempting any sort of malicious submission or tampering with the provided
services revokes your right to submit URLs or files.

Likewise, if you learn of a URL or file that has been illegally
submitted, contact me at dmca@jump.wtf with the ID of the offending
content, and it will be immediately removed should your complaint be valid.
Likewise, if you learn of a malicious or illegal URL or file
that has been submitted, contact me at dmca@jump.wtf with the ID of the
offending content, and it will be immediately removed should your complaint
be valid.

3) Privacy

@@ -45,7 +50,7 @@ If you opt to submit an optional password for future deletion, a
hashed version of that password will be stored.

I may periodically check logs of files uplodaded and URLs generated to
assess the site performance, but this data will never be sold or transferred
assess the site activity, but this data will never be sold or transferred
to any other third party, with the exception of a situation in which I am
legally required to. No other identifying information is ever stored.

@@ -60,9 +65,9 @@ person could find your content. If this is a concern, you can email me, and I
can assign your content a longer URL that will be essentially impossible to
guess.

I will never look at a URL generated for your content or the content
you submit, again unless I am legally required to review it. I do not receive
any kind of notification when content is submitted.
I may use tools to investigate what a URL points to, and may check
files or links that have been submitted, if I determine that a link requires
investigation for any reason. I do not receive notification of link creation.

If you decide at a later time that you wish to delete submitted
content, but you did not set a password or do not remember the password, you
@@ -25,8 +25,7 @@ function error_message(int $status): mixed {
case 409:
return
<p>
The link you were looking for has been marked as possibly dangerous.
<br />
The link you clicked has been flagged. Sorry! <br />
</p>;

default:
@@ -872,7 +872,7 @@ class jump_api {
}

if (filter_url($url)) {
if (isset($item['IP'])) {
if (!in_tor() && isset($item['IP'])) {
if ($item['IP']['S'] != $_SERVER['REMOTE_ADDR']) {
return self::error(
"This link has been flagged as possibly malicious.",
@@ -24,13 +24,17 @@ function base_url(): string {

// return true if it's a bad url
function filter_url(string $url): bool {

$parsed = parse_url($url);

if (!empty(jump_config::$banned_hosts) &&
preg_match(
'/'.implode('|', jump_config::$banned_hosts).'/i',
$parsed['host'],
) == 1) {
if (empty($parsed['host']) ||
(!empty(jump_config::$banned_hosts) &&
preg_match(
// this is just a regex of all the hostnames
'/'.implode('|', jump_config::$banned_hosts).'/i',
// this is the URL's hostname
$parsed['host'],
) == 1)) {
return true;
} else if (!empty(jump_config::$banned_terms) &&
preg_match(
@@ -2,6 +2,8 @@

set_include_path(get_include_path().PATH_SEPARATOR.__DIR__.'/include');

require_once ('helpers.hh');

function main(): void {

$matches = array();
@@ -30,7 +32,7 @@ function main(): void {
} else if ($uri !== '') {
require ('go.hh');
g_main($uri);
} else /*if ($uri === "")*/ {
} else {
require ('index.hh');
i_main();
}
@@ -180,13 +180,6 @@ function r_main(): void {
</div>
{gen_footer()}
{gen_footer_scripts()}
<script
src=
{"//".
jump_config::CDN_HOST.
"/js/".
file_get_contents("htdocs/js/clip.js.latest")}>
</script>
</body>;
if (isset($_SESSION['url'])) {
$body->appendChild(

0 comments on commit c818f7f

Please sign in to comment.
You can’t perform that action at this time.