From 5fc8494ea93f820a64d3c2215885c7792a9e9c58 Mon Sep 17 00:00:00 2001
From: DBX12
Date: Fri, 18 Oct 2019 09:39:11 +0200
Subject: [PATCH 1/4] Add LinkHelper::checkIfShortlinkIsRegisteredRoute()
---
 app/Helpers/LinkHelper.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/app/Helpers/LinkHelper.php b/app/Helpers/LinkHelper.php
index 5abd67528..40915dff2 100644
--- a/app/Helpers/LinkHelper.php
+++ b/app/Helpers/LinkHelper.php
@@ -142,4 +142,21 @@ static public function findSuitableEnding() {
 return $base_x_val;
 }
+
+ /**
+ * Checks if the ending is a registered route
+ * @param string $ending the requested ending
+ * @return bool true - it is a registered route; false - it is not
+ */
+ static public function checkIfShortlinkIsRegisteredRoute($ending)
+ {
+ $routes = property_exists(app(), 'router') ? app()->router->getRoutes() : app()->getRoutes();
+ foreach ($routes as $route) {
+ $routeName = (isset($route['action']['as'])) ? $route['action']['as'] : '';
+ if ($ending === $routeName) {
+ return true;
+ }
+ }
+ return false;
+ }
 }
From 9f97d8094e90552d6132749dd6bbe97730e11025 Mon Sep 17 00:00:00 2001
From: DBX12
Date: Fri, 18 Oct 2019 09:39:44 +0200
Subject: [PATCH 2/4] Use LinkHelper::checkIfShortlinkIsRegisteredRoute() in LinkFactory
---
 app/Factories/LinkFactory.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/app/Factories/LinkFactory.php b/app/Factories/LinkFactory.php
index 7ff2bda5d..998b33f9e 100644
--- a/app/Factories/LinkFactory.php
+++ b/app/Factories/LinkFactory.php
@@ -48,6 +48,10 @@ public static function createLink($long_url, $is_secret=false, $custom_ending=nu
 maximum length allowed.');
 }
+ if (LinkHelper::checkIfShortlinkIsRegisteredRoute($custom_ending)) {
+ throw new \Exception('Sorry, but your ending is a prohibited ending');
+ }
+
 $is_already_short = LinkHelper::checkIfAlreadyShortened($long_url);
 if ($is_already_short) {
From d64be1fbd16c2e8adf5724322459bfb678364762 Mon Sep 17 00:00:00 2001
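Review bot: The loop in `checkIfShortlinkIsRegisteredRoute()` matches `$ending` against the route's name (`$route['action']['as']`), not against the path the route answers on, so an ending is reserved only when a route's name happens to equal its URL segment. A route without an `as` key, or one whose name differs from its URI, stays claimable as a custom ending and can then collide with an application page. Comparing against the first path segment would cover both, e.g. `if ($ending === explode('/', trim($route['uri'], '/'))[0]) { return true; }`, assuming each route entry carries a `uri` key as Lumen's route arrays normally do (confirm against the routes file). The `===` comparison is also case-sensitive, which matters if paths are matched case-insensitively anywhere in front of the application.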
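Review bot: The new guard in `createLink()` inspects only `$custom_ending`, so an ending that the application generates itself when no custom ending is supplied is not checked against the reserved names. The generation code is outside this hunk, but the first patch's hunk header shows `findSuitableEnding()` returning a base-x value, and a short generated value could presumably equal a reserved name; the same `checkIfShortlinkIsRegisteredRoute()` test belongs on the final ending, wherever it comes from. A comment above the guard such as `// reserved names (application routes) must never become link endings` would also record why it is there. `createLink()` starts and ends outside the hunk.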
From: DBX12
Date: Fri, 18 Oct 2019 09:40:14 +0200
Subject: [PATCH 3/4] Prevent usage of the directories in the public folder as well Shorting a link to DOMAIN.TLD/js is now forbidden
---
 app/Helpers/LinkHelper.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/Helpers/LinkHelper.php b/app/Helpers/LinkHelper.php
index 40915dff2..594266eaa 100644
--- a/app/Helpers/LinkHelper.php
+++ b/app/Helpers/LinkHelper.php
@@ -150,7 +150,11 @@ static public function findSuitableEnding() {
 */
 static public function checkIfShortlinkIsRegisteredRoute($ending)
 {
- $routes = property_exists(app(), 'router') ? app()->router->getRoutes() : app()->getRoutes();
+ $publicDirectories = ['css', 'directives', 'fonts', 'img', 'js'];
+ if (in_array($ending, $publicDirectories, true)) {
+ return true;
+ }
+ $routes = property_exists(app(), 'router') ? app()->router->getRoutes() : app()->getRoutes();
 foreach ($routes as $route) {
 $routeName = (isset($route['action']['as'])) ? $route['action']['as'] : '';
 if ($ending === $routeName) {
From 56c830f214012425268808ec762d9c01255239d0 Mon Sep 17 00:00:00 2001
From: DBX12
Date: Fri, 18 Oct 2019 09:41:39 +0200
Subject: [PATCH 4/4] Test for prohibited ending during link creation
---
 tests/LinkFactoryTest.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 tests/LinkFactoryTest.php
diff --git a/tests/LinkFactoryTest.php b/tests/LinkFactoryTest.php
new file mode 100644
index 000000000..340e45101
--- /dev/null
+++ b/tests/LinkFactoryTest.php
@@ -0,0 +1,16 @@
+setExpectedException(\Exception::class, 'Sorry, but your ending is a prohibited ending');
+ LinkFactory::createLink('https://example.org', true, 'login', '127.0.0.1', false, true);
+
+ $this->setExpectedException(\Exception::class, 'Sorry, but your ending is a prohibited ending');
+ LinkFactory::createLink('https://example.org', true, 'js', '127.0.0.1', false, true);
+ }
+}
\ No newline at end of file
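Review bot: The hard-coded `$publicDirectories` list is matched with a strict, case-sensitive `in_array()`, so `JS` or `Css` passes the check even though a case-insensitive filesystem or web server would resolve it to the same directory. Lower-casing the input first closes that: `if (in_array(strtolower((string) $ending), $publicDirectories, true)) {`. The list also has to be kept in step with the public folder by hand and covers directories only, so files placed there, and any directory added later, stay claimable unless ending validation elsewhere already excludes them. The docblock above still describes a registered-route check only and should mention the public-directory case. The method body continues past the end of the hunk.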
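Review bot: The second case in this test never runs: the first `LinkFactory::createLink(... 'login' ...)` call throws the expected exception, which ends the test method, so the `'js'` expectation and the call below it are dead code and the public-directory rule is untested. Each prohibited ending needs its own run, which a data provider gives with the least duplication. The start of the file, including the class and method declarations, is not legible on this page, so the method names below are placeholders.

```php
/**
 * @dataProvider prohibitedEndings
 */
public function testCreateLinkRejectsProhibitedEnding($ending)
{
    $this->setExpectedException(\Exception::class, 'Sorry, but your ending is a prohibited ending');
    LinkFactory::createLink('https://example.org', true, $ending, '127.0.0.1', false, true);
}

public function prohibitedEndings()
{
    return [
        'route name' => ['login'],
        'public directory' => ['js'],
    ];
}
```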