limit keys to 30 characters

Author: erikdubbelboer

common.inc.php

@@ -15,10 +15,14 @@
 
 
 $redis = new Redis();
-if (!$redis->connect($config['host'], $config['port'])) {
+
+try {
+  $redis->connect($config['host'], $config['port']);
+} catch (Exception $e) {
   die('ERROR: Could not connect to Redis');
 }
 
+
 if (isset($config['auth'])) {
   if (!$redis->auth($config['auth'])) {
     die('ERROR: Authentication failed.');

delete.php

@@ -24,7 +24,7 @@
   require 'header.inc.php';
   ?>
   <script>
-  top.location.href = top.location.pathname+'?view&key=<?=format_html($_GET['key'])?>';
+  top.location.href = top.location.pathname+'?view&key=<?=urlencode($_GET['key'])?>';
   </script>
   <?
   require 'footer.inc.php';

edit.php

@@ -5,10 +5,18 @@
 
 
 
-if (isset($_POST['type'], $_POST['key'], $_POST['value'])) {
+while (isset($_POST['type'], $_POST['key'], $_POST['value'])) {
+  if (strlen($_POST['key']) > 30) {
+    break;
+  }
+
   if ($_POST['type'] == 'string') {
     $redis->set($_POST['key'], $_POST['value']);
   } else if (($_POST['type'] == 'hash') && isset($_POST['hkey'])) {
+    if (strlen($_POST['hkey']) > 30) {
+      break;
+    }
+
     $redis->hSet($_POST['key'], $_POST['hkey'], $_POST['value']);
   } else if (($_POST['type'] == 'list') && isset($_POST['index'])) {
     $size = $redis->lSize($_POST['key']);
@@ -29,7 +37,7 @@
   require 'header.inc.php';
   ?>
   <script>
-  top.location.href = top.location.pathname+'?view&key=<?=format_html($_POST['key'])?>';
+  top.location.href = top.location.pathname+'?view&key=<?=urlencode($_POST['key'])?>';
   </script>
   <?
   require 'footer.inc.php';
@@ -74,12 +82,12 @@
 
 <p>
 <label for="key">Key:</label>
-<input type="text" name="key" id="key" size="30" <?=isset($_GET['key']) ? 'value="'.format_html($_GET['key']).'"' : ''?>>
+<input type="text" name="key" id="key" size="30" maxlength="30" <?=isset($_GET['key']) ? 'value="'.format_html($_GET['key']).'"' : ''?>>
 </p>
 
 <p id="hkeyp">
 <label for="khey">Hash key:</label>
-<input type="text" name="hkey" id="hkey" size="30" <?=isset($_GET['hkey']) ? 'value="'.format_html($_GET['hkey']).'"' : ''?>>
+<input type="text" name="hkey" id="hkey" size="30" maxlength="30" <?=isset($_GET['hkey']) ? 'value="'.format_html($_GET['hkey']).'"' : ''?>>
 </p>
 
 <p id="indexp">

index.php

@@ -36,6 +36,10 @@
 $dirs = array();
 
 foreach ($keys as $key) {
+  if (strlen($key) > 30) {
+    continue;
+  }
+
   $key = explode($config['seperator'], $key);
 
   $a = &$dirs;
@@ -76,7 +80,7 @@ function print_tree($item, $key, $all, $last) {
 
     ?>
     <li<?=empty($class) ? '' : ' class="'.implode(' ', $class).'"'?>>
-    <a href="http://github.com/?view&amp;key=%3Cspan%20class="pl-ent"><?=format_html($all)?>"><?=format_html($key)?><?
+    <a href="http://github.com/?view&amp;key=%3Cspan%20class="pl-ent"><?=urlencode($all)?>"><?=format_html($key)?><?
 
     $len = false;
 

rename.php

@@ -5,13 +5,17 @@
 
 
 
-if (isset($_POST['old'], $_POST['key'])) {
+while (isset($_POST['old'], $_POST['key'])) {
+  if (strlen($_POST['key']) > 30) {
+    break;
+  }
+
   $redis->rename($_POST['old'], $_POST['key']);
 
   require 'header.inc.php';
   ?>
   <script>
-  top.location.href = top.location.pathname+'?view&key=<?=format_html($_POST['key'])?>';
+  top.location.href = top.location.pathname+'?view&key=<?=urlencode($_POST['key'])?>';
   </script>
   <?
   require 'footer.inc.php';

view.php

@@ -25,9 +25,9 @@
   <?
     if ($exists) {
       ?>
-      <a href="http://github.com/rename.php?key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Rename" alt="[R]"></a>
-      <a href="http://github.com/delete.php?key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>" class="delkey"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
-      <a href="http://github.com/export.php?key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>"><img src="http://github.com/images/export.png" width="16" height="16" title="Export" alt="[E]"></a>
+      <a href="http://github.com/rename.php?key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Rename" alt="[R]"></a>
+      <a href="http://github.com/delete.php?key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>" class="delkey"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
+      <a href="http://github.com/export.php?key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>"><img src="http://github.com/images/export.png" width="16" height="16" title="Export" alt="[E]"></a>
       <?
     }
   ?>
@@ -67,7 +67,7 @@
 
     <tr><td><div>Type:</div></td><td><div><?=format_html($type)?></div></td></tr>
 
-    <tr><td><div><abbr title="Time To Live">TTL</abbr>:</div></td><td><div><?=($ttl == -1) ? 'does not expire' : $ttl?> <a href="http://github.com/ttl.php?key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>&amp;ttl=<?=$ttl?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit TTL" alt="[E]" class="imgbut"></a></div></td></tr>
+    <tr><td><div><abbr title="Time To Live">TTL</abbr>:</div></td><td><div><?=($ttl == -1) ? 'does not expire' : $ttl?> <a href="http://github.com/ttl.php?key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>&amp;ttl=<?=$ttl?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit TTL" alt="[E]" class="imgbut"></a></div></td></tr>
 
     <tr><td><div>Encoding:</div></td><td><div><?=format_html($encoding)?></div></td></tr>
 
@@ -82,9 +82,9 @@
       ?>
       <table>
       <tr><td><div><?=nl2br(format_html($value))?></div></td><td><div>
-        <a href="http://github.com/edit.php?type=string&amp;key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit" alt="[E]"></a>
+        <a href="http://github.com/edit.php?type=string&amp;key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit" alt="[E]"></a>
       </div></td><td><div>
-        <a href="http://github.com/delete.php?type=string&amp;key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>" class="delval"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
+        <a href="http://github.com/delete.php?type=string&amp;key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>" class="delval"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
       </div></td></tr>
       </table>
       <?
@@ -97,9 +97,9 @@
       foreach ($values as $hkey => $value) {
         ?>
         <tr <?=$alt ? 'class="alt"' : ''?>><td><div><?=format_html($hkey)?></div></td><td><div><?=nl2br(format_html($value))?></div></td><td><div>
-          <a href="http://github.com/edit.php?type=hash&amp;key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>&amp;hkey=<?=format_html($hkey)?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit" alt="[E]"></a>
+          <a href="http://github.com/edit.php?type=hash&amp;key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>&amp;hkey=<?=urlencode($hkey)?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit" alt="[E]"></a>
         </div></td><td><div>
-          <a href="http://github.com/delete.php?type=hash&amp;key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>&amp;hkey=<?=format_html($hkey)?>" class="delval"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
+          <a href="http://github.com/delete.php?type=hash&amp;key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>&amp;hkey=<?=urlencode($hkey)?>" class="delval"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
         </div></td></tr>
         <?
 
@@ -116,9 +116,9 @@
 
         ?>
         <tr <?=$alt ? 'class="alt"' : ''?>><td><div><?=$i?></div></td><td><div><?=nl2br(format_html($value))?></div></td><td><div>
-          <a href="http://github.com/edit.php?type=list&amp;key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>&amp;index=<?=$i?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit" alt="[E]"></a>
+          <a href="http://github.com/edit.php?type=list&amp;key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>&amp;index=<?=$i?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit" alt="[E]"></a>
         </div></td><td><div>
-          <a href="http://github.com/delete.php?type=list&amp;key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>&amp;index=<?=$i?>" class="delval"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
+          <a href="http://github.com/delete.php?type=list&amp;key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>&amp;index=<?=$i?>" class="delval"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
         </div></td></tr>
         <?
 
@@ -133,9 +133,9 @@
       foreach ($values as $value) {
         ?>
         <tr <?=$alt ? 'class="alt"' : ''?>><td><div><?=nl2br(format_html($value))?></div></td><td><div>
-          <a href="http://github.com/edit.php?type=set&amp;key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>&amp;value=<?=urlencode($value)?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit" alt="[E]"></a>
+          <a href="http://github.com/edit.php?type=set&amp;key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>&amp;value=<?=urlencode($value)?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit" alt="[E]"></a>
         </div></td><td><div>
-          <a href="http://github.com/delete.php?type=set&amp;key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>&amp;value=<?=urlencode($value)?>" class="delval"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
+          <a href="http://github.com/delete.php?type=set&amp;key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>&amp;value=<?=urlencode($value)?>" class="delval"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
         </div></td></tr>
         <?
 
@@ -152,8 +152,8 @@
 
         ?>
         <tr <?=$alt ? 'class="alt"' : ''?>><td><div><?=$score?></div></td><td><div><?=nl2br(format_html($value))?></div></td><td><div>
-          <a href="http://github.com/edit.php?type=zset&amp;key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>&amp;score=<?=$score?>&amp;value=<?=urlencode($value)?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit" alt="[E]"></a>
-          <a href="http://github.com/delete.php?type=zset&amp;key=%3Cspan%20class="pl-ent"><?=format_html($_GET['key'])?>&amp;value=<?=urlencode($value)?>" class="delval"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
+          <a href="http://github.com/edit.php?type=zset&amp;key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>&amp;score=<?=$score?>&amp;value=<?=urlencode($value)?>"><img src="http://github.com/images/edit.png" width="16" height="16" title="Edit" alt="[E]"></a>
+          <a href="http://github.com/delete.php?type=zset&amp;key=%3Cspan%20class="pl-ent"><?=urlencode($_GET['key'])?>&amp;value=<?=urlencode($value)?>" class="delval"><img src="http://github.com/images/delete.png" width="16" height="16" title="Delete" alt="[X]"></a>
         </div></td></tr>
         <?
 
@@ -166,7 +166,7 @@
       </table>
 
       <p>
-      <a href="http://github.com/edit.php?type=%3Cspan%20class="pl-ent"><?=$type?>&amp;key=<?=format_html($_GET['key'])?>" class="add">Add another value</a>
+      <a href="http://github.com/edit.php?type=%3Cspan%20class="pl-ent"><?=$type?>&amp;key=<?=urlencode($_GET['key'])?>" class="add">Add another value</a>
       </p>
       <?
     }