Discuss Scratch
- Discussion Forums
- » Advanced Topics
- » Purr: a simple Scratch URL shortener
- kccuber
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
www.purr.ml? It works perfectly for me –ok i found the issue here. going to just this Are you making sure to go to
purr.ml
- NFlex23
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
Deleted
Last edited by NFlex23 (Sept. 9, 2021 12:14:45)
Help improve the Advanced Topics (Really!)
Before you create a topic:
Always search for duplicates or other similar topics before making an umbrella topic, e.g., “The Mac Topic”.
- Is it about something you are planning on making but haven't made yet? If so, please wait to post until you have created a working prototype. This is a key factor to keeping the ATs as clean as possible.
- The ATs aren't technical support. It is perfectly valid to ask questions about things related to programming, but not issues with external websites, apps, or devices. Most sites have their own support system; try asking there!
- Is it related to something you are making in Scratch? (This includes OSes and other Scratch projects) If so, please post in Collaboration, Show and Tell, or another similar forum.
- Is your topic questionably “advanced”? Try browsing the other forums to see if your topic fits better in one of those.
- Issues with Scratch itself should be put in Bugs and Glitches.
- NFlex23
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
I might switch.www.purr.ml? It works perfectly for me –ok i found the issue here. going to just this Are you making sure to go tois causing the issue. you should set up a redirect for purr.ml to www.purr.mlpurr.ml
Edit: currently in the process of switching.
Edit again: Never mind, replit only supports CNAMEs.
Last edited by NFlex23 (Sept. 8, 2021 21:08:18)
Help improve the Advanced Topics (Really!)
Before you create a topic:
Always search for duplicates or other similar topics before making an umbrella topic, e.g., “The Mac Topic”.
- Is it about something you are planning on making but haven't made yet? If so, please wait to post until you have created a working prototype. This is a key factor to keeping the ATs as clean as possible.
- The ATs aren't technical support. It is perfectly valid to ask questions about things related to programming, but not issues with external websites, apps, or devices. Most sites have their own support system; try asking there!
- Is it related to something you are making in Scratch? (This includes OSes and other Scratch projects) If so, please post in Collaboration, Show and Tell, or another similar forum.
- Is your topic questionably “advanced”? Try browsing the other forums to see if your topic fits better in one of those.
- Issues with Scratch itself should be put in Bugs and Glitches.
- linearlemur
- Scratcher
500+ posts
Purr: a simple Scratch URL shortener
You should just randomly generate URLS.
I found out how to put letters in cloud variables! https://turbowarp.org/526557379 (I really didn't feel like sharing the project, lol)
- Ciyob86
- Scratcher
500+ posts
Purr: a simple Scratch URL shortener
Post BumpYou should use fluffyscratch authentication to log usernames. Looks like someone is trying to make redirects to other pages lol:
Last edited by Ciyob86 (Sept. 9, 2021 00:42:25)
- Chiroyce
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
No one saw this?!
I FOUND a vulnerability!!relatively little chance of nefarious use,Harakou's URL can no longer work, right? Now how do I tell you how this is caused? True, though it seems like the other example only allowed Scratch links too. Personally I don't see it as a big problem since there's
April Fools' topics:
— New Buildings in Scratch's headquarters
— Give every Scratcher an M1 MacBook Air
— Scratch should let users edit other Scratchers' projects
— Make a statue for Jeffalo
— Scratch Tech Tips™
— Make a Chiroyce statue emoji
<img src=“x” onerror=“alert('XSS vulnerability discovered')”>
this is a test sentence
- gdpr5b78aa4361827f5c2a08d700
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
that's not a vulnerability, it's just a bug No one saw this?!I FOUND a vulnerability!!relatively little chance of nefarious use,Harakou's URL can no longer work, right? Now how do I tell you how this is caused? True, though it seems like the other example only allowed Scratch links too. Personally I don't see it as a big problem since there's
- Chiroyce
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
How? They shared a screenshot of quite a lot of the short URLs, so I could just delete the others as well, but I didn't. Since I wanted to tell them about it. It is vulnerable now. that's not a vulnerability, it's just a bug
unless they add auth for the /delete post request endpoint
April Fools' topics:
— New Buildings in Scratch's headquarters
— Give every Scratcher an M1 MacBook Air
— Scratch should let users edit other Scratchers' projects
— Make a statue for Jeffalo
— Scratch Tech Tips™
— Make a Chiroyce statue emoji
<img src=“x” onerror=“alert('XSS vulnerability discovered')”>
this is a test sentence
- DispIay
- New to Scratch
28 posts
Purr: a simple Scratch URL shortener
how do you login to the admin panel?
Display
“ this guy is cool ” - Za-Chary
“ this guy is cool ” - Za-Chary
- Chiroyce
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
You cannot, only @NFlex23 can. how do you login to the admin panel?
April Fools' topics:
— New Buildings in Scratch's headquarters
— Give every Scratcher an M1 MacBook Air
— Scratch should let users edit other Scratchers' projects
— Make a statue for Jeffalo
— Scratch Tech Tips™
— Make a Chiroyce statue emoji
<img src=“x” onerror=“alert('XSS vulnerability discovered')”>
this is a test sentence
- DispIay
- New to Scratch
28 posts
Purr: a simple Scratch URL shortener
im trying to look through the code and im trying to figure out whatYou cannot, only @NFlex23 can. how do you login to the admin panel?
if request.form == os.environ:
means
Last edited by DispIay (Sept. 9, 2021 08:36:27)
Display
“ this guy is cool ” - Za-Chary
“ this guy is cool ” - Za-Chary
- Chiroyce
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
Basically request.form contains what the user entered, and os.environ is the password, if what the user entered matches the password, they're give access to the admin panel im trying to look through the code and im trying to figure out what
if request.form == os.environ:
means
April Fools' topics:
— New Buildings in Scratch's headquarters
— Give every Scratcher an M1 MacBook Air
— Scratch should let users edit other Scratchers' projects
— Make a statue for Jeffalo
— Scratch Tech Tips™
— Make a Chiroyce statue emoji
<img src=“x” onerror=“alert('XSS vulnerability discovered')”>
this is a test sentence
- DispIay
- New to Scratch
28 posts
Purr: a simple Scratch URL shortener
I figured out something, There’s a thing at the top called “import os” and I think the password is in there. All I need to know is where “os” is. Also it’s if request.form['pass'] == os.environ['PASS']:Basically request.form contains what the user entered, and os.environ is the password, if what the user entered matches the password, they're give access to the admin panel im trying to look through the code and im trying to figure out what
if request.form == os.environ:
means
Also this is the HTML for the page but with random python bits in it.
<form action=“/delete” method=“POST”>
<ul>
{% for item in lst %}
<li>{{item}} <input type=“checkbox” name=“checks” value="{{item}}“></li>
{% endfor %}
</ul>
<br>
<input type=”submit“ value=”Delete selected URLs">
Last edited by DispIay (Sept. 9, 2021 09:16:25)
Display
“ this guy is cool ” - Za-Chary
“ this guy is cool ” - Za-Chary
- Harakou
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
That's the Python module os. It's getting the value of an environment variable, so you're not going to find it in the code.I figured out something, There’s a thing at the top called “import os” and I think the password is in there. All I need to know is where “os” is. Also it’s if request.form['pass'] == os.environ['PASS']:Basically request.form contains what the user entered, and os.environ is the password, if what the user entered matches the password, they're give access to the admin panel im trying to look through the code and im trying to figure out what
if request.form == os.environ:
means
- DispIay
- New to Scratch
28 posts
Purr: a simple Scratch URL shortener
B r u hThat's the Python module os. It's getting the value of an environment variable, so you're not going to find it in the code.I figured out something, There’s a thing at the top called “import os” and I think the password is in there. All I need to know is where “os” is. Also it’s if request.form['pass'] == os.environ['PASS']:Basically request.form contains what the user entered, and os.environ is the password, if what the user entered matches the password, they're give access to the admin panel im trying to look through the code and im trying to figure out what
if request.form == os.environ:
means
Display
“ this guy is cool ” - Za-Chary
“ this guy is cool ” - Za-Chary
- NFlex23
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
I'm not going to make it easy for you to hack purr, am I? I'll probably add sha256 hashes for more security too. (Chiroyce's idea)B r u hThat's the Python module os. It's getting the value of an environment variable, so you're not going to find it in the code.I figured out something, There’s a thing at the top called “import os” and I think the password is in there. All I need to know is where “os” is. Also it’s if request.form['pass'] == os.environ['PASS']:Basically request.form contains what the user entered, and os.environ is the password, if what the user entered matches the password, they're give access to the admin panel im trying to look through the code and im trying to figure out what
if request.form == os.environ:
means
Help improve the Advanced Topics (Really!)
Before you create a topic:
Always search for duplicates or other similar topics before making an umbrella topic, e.g., “The Mac Topic”.
- Is it about something you are planning on making but haven't made yet? If so, please wait to post until you have created a working prototype. This is a key factor to keeping the ATs as clean as possible.
- The ATs aren't technical support. It is perfectly valid to ask questions about things related to programming, but not issues with external websites, apps, or devices. Most sites have their own support system; try asking there!
- Is it related to something you are making in Scratch? (This includes OSes and other Scratch projects) If so, please post in Collaboration, Show and Tell, or another similar forum.
- Is your topic questionably “advanced”? Try browsing the other forums to see if your topic fits better in one of those.
- Issues with Scratch itself should be put in Bugs and Glitches.
- NFlex23
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
Deleted, wrong post replied to.How? They shared a screenshot of quite a lot of the short URLs, so I could just delete the others as well, but I didn't. Since I wanted to tell them about it. It is vulnerable now. that's not a vulnerability, it's just a bug
unless they add auth for the /delete post request endpoint
Last edited by NFlex23 (Sept. 9, 2021 12:06:08)
Help improve the Advanced Topics (Really!)
Before you create a topic:
Always search for duplicates or other similar topics before making an umbrella topic, e.g., “The Mac Topic”.
- Is it about something you are planning on making but haven't made yet? If so, please wait to post until you have created a working prototype. This is a key factor to keeping the ATs as clean as possible.
- The ATs aren't technical support. It is perfectly valid to ask questions about things related to programming, but not issues with external websites, apps, or devices. Most sites have their own support system; try asking there!
- Is it related to something you are making in Scratch? (This includes OSes and other Scratch projects) If so, please post in Collaboration, Show and Tell, or another similar forum.
- Is your topic questionably “advanced”? Try browsing the other forums to see if your topic fits better in one of those.
- Issues with Scratch itself should be put in Bugs and Glitches.
- NFlex23
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
Nevermind, I think having an admin panel is a bad idea.How? They shared a screenshot of quite a lot of the short URLs, so I could just delete the others as well, but I didn't. Since I wanted to tell them about it. It is vulnerable now. that's not a vulnerability, it's just a bug
unless they add auth for the /delete post request endpoint
Last edited by NFlex23 (Sept. 9, 2021 11:43:53)
Help improve the Advanced Topics (Really!)
Before you create a topic:
Always search for duplicates or other similar topics before making an umbrella topic, e.g., “The Mac Topic”.
- Is it about something you are planning on making but haven't made yet? If so, please wait to post until you have created a working prototype. This is a key factor to keeping the ATs as clean as possible.
- The ATs aren't technical support. It is perfectly valid to ask questions about things related to programming, but not issues with external websites, apps, or devices. Most sites have their own support system; try asking there!
- Is it related to something you are making in Scratch? (This includes OSes and other Scratch projects) If so, please post in Collaboration, Show and Tell, or another similar forum.
- Is your topic questionably “advanced”? Try browsing the other forums to see if your topic fits better in one of those.
- Issues with Scratch itself should be put in Bugs and Glitches.
- Quantum-Cat
- Scratcher
1000+ posts
Purr: a simple Scratch URL shortener
I think it would be better if it included the ID of a project/studio to at least have some kind of knowledge on where the link is taking you.
Notice: Everything below the solid grey line (↑↑) above is my signature and appears on every post I make. Here, it is okay for you to advertise
your projects and other creations. To create your own, scroll to the bottom of the Discussion Home page and select “change your signature”.
I aplogise if I seem a bit too serious on the forums, but I am always open to feedback on my profile.
Past PPTBF Curator || Forum Helper (TFH) || Some Python, HTML and C
————————————————————————————
————————————————————————————
Quantum-Cat
- Discussion Forums
- » Advanced Topics
- » Purr: a simple Scratch URL shortener