2016-10-22 14:57:10 +00:00
|
|
|
<?php
|
|
|
|
|
/* vim: set expandtab sw=4 ts=4 sts=4: */
|
|
|
|
|
/**
|
|
|
|
|
* URL redirector to avoid leaking Referer with some sensitive information.
|
|
|
|
|
*
|
|
|
|
|
* @package PhpMyAdmin
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Gets core libraries and defines some variables
|
|
|
|
|
*/
|
|
|
|
|
define('PMA_MINIMUM_COMMON', true);
|
|
|
|
|
require_once './libraries/common.inc.php';
|
|
|
|
|
/**
|
|
|
|
|
* JavaScript escaping.
|
|
|
|
|
*/
|
|
|
|
|
require_once './libraries/js_escape.lib.php';
|
2017-04-20 10:55:30 +00:00
|
|
|
require_once './libraries/Response.class.php';
|
2016-10-22 14:57:10 +00:00
|
|
|
|
|
|
|
|
// Only output the http headers
|
2017-04-20 10:55:30 +00:00
|
|
|
$response = PMA_Response::getInstance();
|
2016-10-22 14:57:10 +00:00
|
|
|
$response->getHeader()->sendHttpHeaders();
|
|
|
|
|
$response->disable();
|
|
|
|
|
|
2017-04-20 10:55:30 +00:00
|
|
|
if (! PMA_isValid($_GET['url'])
|
|
|
|
|
|| ! preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url'])
|
|
|
|
|
|| ! PMA_isAllowedDomain($_GET['url'])
|
2016-10-22 14:57:10 +00:00
|
|
|
) {
|
2017-04-20 10:55:30 +00:00
|
|
|
header('Location: ' . $cfg['PmaAbsoluteUri']);
|
2016-10-22 14:57:10 +00:00
|
|
|
} else {
|
|
|
|
|
// JavaScript redirection is necessary. Because if header() is used
|
|
|
|
|
// then web browser sometimes does not change the HTTP_REFERER
|
|
|
|
|
// field and so with old URL as Referer, token also goes to
|
|
|
|
|
// external site.
|
|
|
|
|
echo "<script type='text/javascript'>
|
|
|
|
|
window.onload=function(){
|
2017-04-20 10:55:30 +00:00
|
|
|
window.location='" . PMA_escapeJsString($_GET['url']) . "';
|
2016-10-22 14:57:10 +00:00
|
|
|
}
|
|
|
|
|
</script>";
|
|
|
|
|
// Display redirecting msg on screen.
|
2017-04-20 10:55:30 +00:00
|
|
|
printf(__('Taking you to %s.'), htmlspecialchars($_GET['url']));
|
2016-10-22 14:57:10 +00:00
|
|
|
}
|
|
|
|
|
die();
|
2017-04-20 10:55:30 +00:00
|
|
|
?>
|
