prevent Knurl from redirecting to itself

Sanitising the input when the form is validated would seem to be easy for a single site, but here's the rub:

Any 2 sites using this module could be used to DOS the other (presumably with a 'winner' and a 'loser' as one of them gets knocked off and stops DOS'ing the other.)

So hopefully a patch will take this into account as well.

- Forest Mars

Anybody have an idea or patch for this?

I don't really see how this can be avoided. I mean i could add validation to prevent the user from making a link from an existing link (on the specific site) but there is no way I can think of to detect if they are linking to another similar service elsewhere.

On the other hand, only users with permission can create links so the motivation to actually do this would be pretty low.

If anyone has some input or ideas let me know.

As mentioned, fixing the "local" (single site) version of this problem is simple. I agree that it's tough to think of a valid case for exploiting this remotely, though. With that said however, it shouldn't be too hard to implement flood control on the redirected link or check the referer against the target as @christefano mentioned. If going the flood control route, I'd think it should be a configurable option.

Will get to this at some point down the road, if anyone would like to patch against the current release please do so.