Switch branches/tags
RELEASE_4_7_0 RELEASE_4_7_0RC1 RELEASE_4_7_0BETA1 RELEASE_4_6_6 RELEASE_4_6_5_2 RELEASE_4_6_5_1 RELEASE_4_6_5 RELEASE_4_6_4 RELEASE_4_6_3 RELEASE_4_6_2 RELEASE_4_6_1 RELEASE_4_6_0 RELEASE_4_6_0RC2 RELEASE_4_6_0RC1 RELEASE_4_6_0ALPHA1 RELEASE_4_5_5_1 RELEASE_4_5_5 RELEASE_4_5_4_1 RELEASE_4_5_4 RELEASE_4_5_3_1 RELEASE_4_5_3 RELEASE_4_5_2 RELEASE_4_5_1 RELEASE_4_5_0_2 RELEASE_4_5_0_1 RELEASE_4_5_0 RELEASE_4_5_0RC1 RELEASE_4_4_15_10 RELEASE_4_4_15_9 RELEASE_4_4_15_8 RELEASE_4_4_15_7 RELEASE_4_4_15_6 RELEASE_4_4_15_5 RELEASE_4_4_15_4 RELEASE_4_4_15_3 RELEASE_4_4_15_2 RELEASE_4_4_15_1 RELEASE_4_4_15 RELEASE_4_4_14_1 RELEASE_4_4_14 RELEASE_4_4_13_1 RELEASE_4_4_13 RELEASE_4_4_12 RELEASE_4_4_11 RELEASE_4_4_10 RELEASE_4_4_9 RELEASE_4_4_8 RELEASE_4_4_7 RELEASE_4_4_6_1 RELEASE_4_4_6 RELEASE_4_4_5 RELEASE_4_4_4 RELEASE_4_4_3 RELEASE_4_4_2 RELEASE_4_4_1_1 RELEASE_4_4_1 RELEASE_4_4_0 RELEASE_4_4_0ALPHA1 RELEASE_4_3_13_3 RELEASE_4_3_13_2 RELEASE_4_3_13_1 RELEASE_4_3_13 RELEASE_4_3_12 RELEASE_4_3_11_1 RELEASE_4_3_11 RELEASE_4_3_10 RELEASE_4_3_9 RELEASE_4_3_8 RELEASE_4_3_7 RELEASE_4_3_6 RELEASE_4_3_5 RELEASE_4_3_4 RELEASE_4_3_3 RELEASE_4_3_2 RELEASE_4_3_1 RELEASE_4_3_0 RELEASE_4_3_0RC2 RELEASE_4_3_0RC1 RELEASE_4_3_0BETA1 RELEASE_4_3_0ALPHA1 RELEASE_4_2_13_3 RELEASE_4_2_13_2 RELEASE_4_2_13_1 RELEASE_4_2_13 RELEASE_4_2_12 RELEASE_4_2_11 RELEASE_4_2_10_1 RELEASE_4_2_10 RELEASE_4_2_9_1 RELEASE_4_2_9 RELEASE_4_2_8_1 RELEASE_4_2_8 RELEASE_4_2_7_1 RELEASE_4_2_7 RELEASE_4_2_6 RELEASE_4_2_5 RELEASE_4_2_4 RELEASE_4_2_3 RELEASE_4_2_2 RELEASE_4_2_1
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
44 lines (39 sloc) 1.29 KB
/* vim: set expandtab sw=4 ts=4 sts=4: */
* URL redirector to avoid leaking Referer with some sensitive information.
* @package PhpMyAdmin
use PhpMyAdmin\Core;
use PhpMyAdmin\Sanitize;
use PhpMyAdmin\Response;
* Gets core libraries and defines some variables
define('PMA_MINIMUM_COMMON', true);
require_once './libraries/';
// Only output the http headers
$response = Response::getInstance();
if (! Core::isValid($_REQUEST['url'])
|| ! preg_match('/^https:\/\/[^\n\r]*$/', $_REQUEST['url'])
|| ! Core::isAllowedDomain($_REQUEST['url'])
) {
} else {
// JavaScript redirection is necessary. Because if header() is used
// then web browser sometimes does not change the HTTP_REFERER
// field and so with old URL as Referer, token also goes to
// external site.
echo "<script type='text/javascript'>
window.location='" , Sanitize::escapeJsString($_REQUEST['url']) , "';
// Display redirecting msg on screen.
// Do not display the value of $_REQUEST['url'] to avoid showing injected content
echo __('Taking you to the target site.');