Discuss Scratch

kccuber
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

NFlex23 wrote:

Are you making sure to go to www.purr.ml? It works perfectly for me –
ok i found the issue here. going to just this
purr.ml
is causing the issue. you should set up a redirect for purr.ml to www.purr.ml


Made using Nord Theme & Inkscape
NFlex23
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

Deleted

Last edited by NFlex23 (Sept. 9, 2021 12:14:45)


Help improve the Advanced Topics (Really!)
Before you create a topic:
Always search for duplicates or other similar topics before making an umbrella topic, e.g., “The Mac Topic”.
  • Is it about something you are planning on making but haven't made yet? If so, please wait to post until you have created a working prototype. This is a key factor to keeping the ATs as clean as possible.
  • The ATs aren't technical support. It is perfectly valid to ask questions about things related to programming, but not issues with external websites, apps, or devices. Most sites have their own support system; try asking there!
  • Is it related to something you are making in Scratch? (This includes OSes and other Scratch projects) If so, please post in Collaboration, Show and Tell, or another similar forum.
  • Is your topic questionably “advanced”? Try browsing the other forums to see if your topic fits better in one of those.
  • Issues with Scratch itself should be put in Bugs and Glitches.
Before you post: Is what you're posting likely to start an argument or derail the thread (e.g., browsers, operating systems)? If so, please re-think your post!





NFlex23
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

kccuber wrote:

NFlex23 wrote:

Are you making sure to go to www.purr.ml? It works perfectly for me –
ok i found the issue here. going to just this
purr.ml
is causing the issue. you should set up a redirect for purr.ml to www.purr.ml
I might switch.

Edit: currently in the process of switching.
Edit again: Never mind, replit only supports CNAMEs.

Last edited by NFlex23 (Sept. 8, 2021 21:08:18)







PoIygon
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

YESSSSS I GOT A GOOD REDIRECT WITH A BAD URL
www.purr.ml/vaan










linearlemur
Scratcher
500+ posts

Purr: a simple Scratch URL shortener

You should just randomly generate URLs.

I found out how to put letters in cloud variables! https://turbowarp.org/526557379 (I really didn't feel like sharing the project, lol)
Ciyob86
Scratcher
500+ posts

Purr: a simple Scratch URL shortener

Ciyob86 wrote:

NFlex23 wrote:

Looks like someone is trying to make redirects to other pages lol:

You should use fluffyscratch authentication to log usernames.
Post Bump

Last edited by Ciyob86 (Sept. 9, 2021 00:42:25)

Chiroyce
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

No one saw this?!

Chiroyce wrote:

I FOUND a vulnerability!!

Harakou wrote:

True, though it seems like the other example only allowed Scratch links too. Personally I don't see it as a big problem since there's relatively little chance of nefarious use,
Harakou's URL can no longer work, right? Now how do I tell you how this is caused?







April Fools' topics:
New Buildings in Scratch's headquarters
Give every Scratcher an M1 MacBook Air
Scratch should let users edit other Scratchers' projects
Make a statue for Jeffalo
Scratch Tech Tips™
Make a Chiroyce statue emoji


<img src=“x” onerror=“alert('XSS vulnerability discovered')”>

this is a test sentence
gdpr5b78aa4361827f5c2a08d700
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

Chiroyce wrote:

No one saw this?!

Chiroyce wrote:

I FOUND a vulnerability!!

Harakou wrote:

True, though it seems like the other example only allowed Scratch links too. Personally I don't see it as a big problem since there's relatively little chance of nefarious use,
Harakou's URL can no longer work, right? Now how do I tell you how this is caused?
that's not a vulnerability, it's just a bug
Chiroyce
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

potatophant wrote:

that's not a vulnerability, it's just a bug
How? They shared a screenshot of quite a lot of the short URLs, so I could just delete the others as well, but I didn't, since I wanted to tell them about it. It is vulnerable now.
unless they add auth for the /delete post request endpoint







DispIay
New to Scratch
28 posts

Purr: a simple Scratch URL shortener

how do you login to the admin panel?

Display

“ this guy is cool ” - Za-Chary
Chiroyce
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

DispIay wrote:

how do you login to the admin panel?
You cannot, only @NFlex23 can.







DispIay
New to Scratch
28 posts

Purr: a simple Scratch URL shortener

Chiroyce wrote:

DispIay wrote:

how do you login to the admin panel?
You cannot, only @NFlex23 can.
im trying to look through the code and im trying to figure out what
if request.form == os.environ:
means

Last edited by DispIay (Sept. 9, 2021 08:36:27)


Chiroyce
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

DispIay wrote:

im trying to look through the code and im trying to figure out what
if request.form == os.environ:
means
Basically request.form contains what the user entered, and os.environ is the password, if what the user entered matches the password, they're given access to the admin panel







DispIay
New to Scratch
28 posts

Purr: a simple Scratch URL shortener

Chiroyce wrote:

DispIay wrote:

im trying to look through the code and im trying to figure out what
if request.form == os.environ:
means
Basically request.form contains what the user entered, and os.environ is the password, if what the user entered matches the password, they're given access to the admin panel
I figured out something. There’s a thing at the top called “import os” and I think the password is in there. All I need to know is where “os” is. Also it’s if request.form['pass'] == os.environ['PASS']:

Also this is the HTML for the page but with random python bits in it.
<form action="/delete" method="POST">
<ul>
{% for item in lst %}
<li>{{item}} <input type="checkbox" name="checks" value="{{item}}"></li>
{% endfor %}
</ul>
<br>
<input type="submit" value="Delete selected URLs">
</form>

Last edited by DispIay (Sept. 9, 2021 09:16:25)


Harakou
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

DispIay wrote:

Chiroyce wrote:

DispIay wrote:

im trying to look through the code and im trying to figure out what
if request.form == os.environ:
means
Basically request.form contains what the user entered, and os.environ is the password, if what the user entered matches the password, they're given access to the admin panel
I figured out something. There’s a thing at the top called “import os” and I think the password is in there. All I need to know is where “os” is. Also it’s if request.form['pass'] == os.environ['PASS']:
That's the Python module os. It's getting the value of an environment variable, so you're not going to find it in the code.
DispIay
New to Scratch
28 posts

Purr: a simple Scratch URL shortener

Harakou wrote:

DispIay wrote:

Chiroyce wrote:

DispIay wrote:

im trying to look through the code and im trying to figure out what
if request.form == os.environ:
means
Basically request.form contains what the user entered, and os.environ is the password, if what the user entered matches the password, they're given access to the admin panel
I figured out something. There’s a thing at the top called “import os” and I think the password is in there. All I need to know is where “os” is. Also it’s if request.form['pass'] == os.environ['PASS']:
That's the Python module os. It's getting the value of an environment variable, so you're not going to find it in the code.
B r u h

NFlex23
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

DispIay wrote:

Harakou wrote:

DispIay wrote:

Chiroyce wrote:

DispIay wrote:

im trying to look through the code and im trying to figure out what
if request.form == os.environ:
means
Basically request.form contains what the user entered, and os.environ is the password, if what the user entered matches the password, they're given access to the admin panel
I figured out something. There’s a thing at the top called “import os” and I think the password is in there. All I need to know is where “os” is. Also it’s if request.form['pass'] == os.environ['PASS']:
That's the Python module os. It's getting the value of an environment variable, so you're not going to find it in the code.
B r u h
I'm not going to make it easy for you to hack purr, am I? I'll probably add sha256 hashes for more security too. (Chiroyce's idea)






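Added example, not Purr's code and not written by anyone in this thread: the /delete gap raised above (a POST handler that trusts whatever form arrives) next to a handler that checks the password on every request, using the SHA-256 idea from the post above. It assumes the `checks` and `pass` form fields quoted in the thread; the function names, the `PASS_SHA256` variable, the plain-dict stand-ins for the form and URL store, and all sample values are hypothetical.

```python
import hashlib
import hmac


def hash_password(password):
    """SHA-256 hex digest; store this in the environment, not the password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def delete_unauthenticated(form, urls):
    """The gap from the thread: any POST to /delete removes the checked URLs."""
    for slug in form.get("checks", []):
        urls.pop(slug, None)
    return 200


def password_ok(form, environ):
    """Compare form['pass'] with the digest in PASS_SHA256 (hypothetical name)."""
    expected = environ.get("PASS_SHA256", "").strip().lower()
    supplied = form.get("pass")
    if not expected or not isinstance(supplied, str):
        return False  # fail closed: unset secret or missing field denies access
    # compare_digest's timing does not depend on where the inputs differ
    return hmac.compare_digest(hash_password(supplied).encode(), expected.encode())


def delete_authenticated(form, urls, environ):
    """Same deletion, but every request must carry the admin password."""
    if not password_ok(form, environ):
        return 403
    for slug in form.get("checks", []):
        urls.pop(slug, None)
    return 200


def demo():
    # Constructed sample data: slug, target and password are made up.
    environ = {"PASS_SHA256": hash_password("constructed-admin-pass")}
    open_store = {"abc": "https://scratch.mit.edu/projects/1/"}
    guarded = dict(open_store)
    forged = {"checks": ["abc"]}  # POST sent without ever loading the panel
    return (
        delete_unauthenticated(forged, open_store), len(open_store),
        delete_authenticated(forged, guarded, environ), len(guarded),
    )


if __name__ == "__main__":
    print(demo())
```

A bare SHA-256 digest of a guessable password is quick to brute-force if the digest leaks, so a salted, slow KDF such as `hashlib.scrypt` is the stronger choice for the stored value.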
NFlex23
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

Chiroyce wrote:

potatophant wrote:

that's not a vulnerability, it's just a bug
How? They shared a screenshot of quite a lot of the short URLs, so I could just delete the others as well, but I didn't, since I wanted to tell them about it. It is vulnerable now.
unless they add auth for the /delete post request endpoint
Deleted, wrong post replied to.

Last edited by NFlex23 (Sept. 9, 2021 12:06:08)







NFlex23
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

Chiroyce wrote:

potatophant wrote:

that's not a vulnerability, it's just a bug
How? They shared a screenshot of quite a lot of the short URLs, so I could just delete the others as well, but I didn't, since I wanted to tell them about it. It is vulnerable now.
unless they add auth for the /delete post request endpoint
Nevermind, I think having an admin panel is a bad idea.

Last edited by NFlex23 (Sept. 9, 2021 11:43:53)







Quantum-Cat
Scratcher
1000+ posts

Purr: a simple Scratch URL shortener

I think it would be better if it included the ID of a project/studio to at least have some kind of knowledge on where the link is taking you.

Notice: Everything below the solid grey line (↑↑) above is my signature and appears on every post I make. Here, it is okay for you to advertise
your projects and other creations. To create your own, scroll to the bottom of the Discussion Home page and select “change your signature”.

I apologise if I seem a bit too serious on the forums, but I am always open to feedback on my profile.
Past PPTBF Curator || Forum Helper (TFH) || Some Python, HTML and C

————————————————————————————

————————————————————————————
Quantum-Cat
