Skip to content

[Bug] Short-code generation TOCTOU — retry on unique-key collision #124

Open
Open
[Bug] Short-code generation TOCTOU — retry on unique-key collision#124
Labels
bugSomething isn't workingcomponent-BComponent B: Shortlink Domain (g2my.link)component-sharedShared infrastructure across all componentspriority-highHigh priority
Milestone
v1.0.0 — Launch Hardening
@Salem874

Description

@Salem874
Salem874
opened on Jun 4, 2026

Problem

sp_generateShortCode is check-then-insert with no retry on a UQ_shortcode_org collision; concurrent creates can surface a generic failure instead of producing a fresh code.

Affected

  • web/_sql/procedures/sp_generateShortCode.sql
  • web/Go2My.Link/_functions/shorturl_create.php (createShortURL())

Fix

Make creation atomic, or catch mysqli errno 1062 in createShortURL() and retry sp_generateShortCode a bounded number of times.

Acceptance criteria

  • Concurrent create requests never fail due to a code collision (bounded retry).

From the 2026-06-04 schema review — see docs/SCHEMA_REVIEW_2026-06-04.md.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingcomponent-BComponent B: Shortlink Domain (g2my.link)component-sharedShared infrastructure across all componentspriority-highHigh priority

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions