Secured UrlShortener against tampering by using hashes instead of ids (#1549)
- Note that the database upgrade tool must be run after loading this commit to ensure that the shortlinks table's hash column is correctly populated.
Showing
- config/vufind/config.ini 6 additions, 0 deletionsconfig/vufind/config.ini
- module/VuFind/sql/migrations/pgsql/7.0/001-modify-shortlinks.sql 3 additions, 0 deletions...VuFind/sql/migrations/pgsql/7.0/001-modify-shortlinks.sql
- module/VuFind/sql/mysql.sql 3 additions, 1 deletionmodule/VuFind/sql/mysql.sql
- module/VuFind/sql/pgsql.sql 2 additions, 1 deletionmodule/VuFind/sql/pgsql.sql
- module/VuFind/src/VuFind/Controller/UpgradeController.php 39 additions, 0 deletionsmodule/VuFind/src/VuFind/Controller/UpgradeController.php
- module/VuFind/src/VuFind/Crypt/Base62.php 103 additions, 0 deletionsmodule/VuFind/src/VuFind/Crypt/Base62.php
- module/VuFind/src/VuFind/UrlShortener/Database.php 131 additions, 49 deletionsmodule/VuFind/src/VuFind/UrlShortener/Database.php
- module/VuFind/src/VuFind/UrlShortener/DatabaseFactory.php 10 additions, 2 deletionsmodule/VuFind/src/VuFind/UrlShortener/DatabaseFactory.php
- module/VuFind/tests/unit-tests/src/VuFindTest/Crypt/Base62Test.php 89 additions, 0 deletions...Find/tests/unit-tests/src/VuFindTest/Crypt/Base62Test.php
- module/VuFind/tests/unit-tests/src/VuFindTest/UrlShortener/DatabaseTest.php 94 additions, 19 deletions...s/unit-tests/src/VuFindTest/UrlShortener/DatabaseTest.php
Please register or sign in to comment