Merge pull request #17676 from MauricioFauth/url-route
Extract `url.php` entry point into a route
MauricioFauth committed Aug 6, 2022
2 parents c3de73a + 75cf045 commit 2d41333
Showing 21 changed files with 61 additions and 96 deletions.
2 changes: 1 addition & 1 deletion js/src/modules/git-info.js
@@ -43,7 +43,7 @@ const GitInfo = {
if (data && data.version && data.date) {
const current = GitInfo.parseVersionString($('span.version').text());
const latest = GitInfo.parseVersionString(data.version);
const url = './url.php?url=https://www.phpmyadmin.net/files/' + Functions.escapeHtml(encodeURIComponent(data.version)) + '/';
const url = 'index.php?route=/url&url=https://www.phpmyadmin.net/files/' + Functions.escapeHtml(encodeURIComponent(data.version)) + '/';
let versionInformationMessage = document.createElement('span');
versionInformationMessage.className = 'latest';
const versionInformationMessageLink = document.createElement('a');
6 changes: 5 additions & 1 deletion libraries/classes/Common.php
@@ -95,7 +95,7 @@ public static function run(): void
$request = self::getRequest();
$route = $request->getRoute();

if ($route === '/import-status') {
if ($route === '/import-status' || $route === '/url') {
$GLOBALS['isMinimumCommon'] = true;
}

@@ -209,6 +209,10 @@ public static function run(): void
$GLOBALS['containerBuilder']->set('theme_manager', ThemeManager::getInstance());
Tracker::enable();

if ($route === '/url') {
UrlRedirector::redirect();
}

return;
}

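Review bot: The new `if ($route === '/url')` branch in the second hunk hands the request to `UrlRedirector::redirect()` without a comment, and nothing visible in `run()` inspects the `url` parameter first, so the redirect-target check rests entirely on that class. Because the first hunk also adds `/url` to the `isMinimumCommon` condition, this route appears to be served from the reduced bootstrap path that ends in the bare `return;`, presumably ahead of the normal routing; the enclosing condition is outside the hunk, so that is inferred. I would add a comment such as `// /url is dispatched from the minimal bootstrap; UrlRedirector alone checks the target.` and make sure that class has tests for rejected targets. `run()` starts and ends outside both hunks.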
20 changes: 12 additions & 8 deletions libraries/classes/Controllers/ChangeLogController.php
@@ -8,6 +8,7 @@
namespace PhpMyAdmin\Controllers;

use PhpMyAdmin\Http\ServerRequest;
use PhpMyAdmin\Url;

use function __;
use function array_keys;
@@ -64,38 +65,41 @@ public function __invoke(ServerRequest $request): void
$faq_url = 'https://docs.phpmyadmin.net/en/latest/faq.html';

$replaces = [
'@(https?://[./a-zA-Z0-9.-_-]*[/a-zA-Z0-9_])@' => '<a href="url.php?url=\\1">\\1</a>',
'@(https?://[./a-zA-Z0-9.-_-]*[/a-zA-Z0-9_])@' => '<a href="'
. Url::getFromRoute('/url') . '&url=\\1">\\1</a>',

// mail address
'/([0-9]{4}-[0-9]{2}-[0-9]{2}) (.+[^ ]) +&lt;(.*@.*)&gt;/i' => '\\1 <a href="mailto:\\3">\\2</a>',

// FAQ entries
'/FAQ ([0-9]+)\.([0-9a-z]+)/i' => '<a href="url.php?url=' . $faq_url . '#faq\\1-\\2">FAQ \\1.\\2</a>',
'/FAQ ([0-9]+)\.([0-9a-z]+)/i' => '<a href="'
. Url::getFromRoute('/url') . '&url=' . $faq_url . '#faq\\1-\\2">FAQ \\1.\\2</a>',

// GitHub issues
'/issue\s*#?([0-9]{4,5}) /i' => '<a href="url.php?url=' . $github_url . 'issues/\\1">issue #\\1</a> ',
'/issue\s*#?([0-9]{4,5}) /i' => '<a href="'
. Url::getFromRoute('/url') . '&url=' . $github_url . 'issues/\\1">issue #\\1</a> ',

// CVE/CAN entries
'/((CAN|CVE)-[0-9]+-[0-9]+)/' => '<a href="url.php?url='
'/((CAN|CVE)-[0-9]+-[0-9]+)/' => '<a href="' . Url::getFromRoute('/url') . '&url='
. 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=\\1">\\1</a>',

// PMASAentries
'/(PMASA-[0-9]+-[0-9]+)/' => '<a href="url.php?url=https://www.phpmyadmin.net/security/\\1/">\\1</a>',
'/(PMASA-[0-9]+-[0-9]+)/' => '<a href="'
. Url::getFromRoute('/url') . '&url=https://www.phpmyadmin.net/security/\\1/">\\1</a>',

// Highlight releases (with links)
'/([0-9]+)\.([0-9]+)\.([0-9]+)\.0 (\([0-9-]+\))/' => '<a id="\\1_\\2_\\3"></a>'
. '<a href="url.php?url=' . $github_url . 'commits/RELEASE_\\1_\\2_\\3">'
. '<a href="' . Url::getFromRoute('/url') . '&url=' . $github_url . 'commits/RELEASE_\\1_\\2_\\3">'
. '\\1.\\2.\\3.0 \\4</a>',
'/([0-9]+)\.([0-9]+)\.([0-9]+)\.([1-9][0-9]*) (\([0-9-]+\))/' => '<a id="\\1_\\2_\\3_\\4"></a>'
. '<a href="url.php?url=' . $github_url . 'commits/RELEASE_\\1_\\2_\\3_\\4">'
. '<a href="' . Url::getFromRoute('/url') . '&url=' . $github_url . 'commits/RELEASE_\\1_\\2_\\3_\\4">'
. '\\1.\\2.\\3.\\4 \\5</a>',

// Highlight releases (not linkable)
'/( ### )(.*)/' => '\\1<b>\\2</b>',

// Links target and rel
'/a href="/' => 'a target="_blank" rel="noopener noreferrer" href="',

];

$this->response->header('Content-type: text/html; charset=utf-8');
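Review bot: The rewritten replacement strings in `$replaces` still append the target to `&url=` unencoded (`&url=\\1`, `&url=' . $faq_url . '#faq\\1-\\2`), whereas the links built through `Core::linkURL` carry a percent-encoded target, as the updated test expectations show (`url=https%3A%2F%2F…%23ssl`). In the FAQ entry the raw `#` makes `faq\\1-\\2` a fragment of the `index.php` link itself, so it is not part of the `url` parameter that reaches the redirect route. The fixed parts can be encoded when the array is built, e.g. `. Url::getFromRoute('/url') . '&url=' . urlencode($faq_url) . '%23faq\\1-\\2">FAQ \\1.\\2</a>',`; the free-form `\\1` match would need `preg_replace_callback` to be encoded. `__invoke` continues outside the hunk, so how `$replaces` is applied is not visible here.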
4 changes: 2 additions & 2 deletions libraries/classes/Core.php
@@ -633,10 +633,10 @@ public static function linkURL(string $url): string
$query = http_build_query(['url' => $vars['url']]);

if ($GLOBALS['config'] !== null && $GLOBALS['config']->get('is_setup')) {
return '../url.php?' . $query;
return '../index.php?route=/url&' . $query;
}

return './url.php?' . $query;
return 'index.php?route=/url&' . $query;
}

/**
6 changes: 3 additions & 3 deletions libraries/classes/Html/Generator.php
@@ -636,8 +636,8 @@ public static function getMessage(
. urlencode(self::generateRowQueryOutput($sqlQuery));
$explainLink .= ' ['
. self::linkOrButton(
htmlspecialchars('url.php?url=' . urlencode($url)),
null,
Url::getFromRoute('/url'),
['url' => $url],
sprintf(__('Analyze Explain at %s'), 'mariadb.org'),
[],
'_blank',
@@ -1071,7 +1071,7 @@ public static function linkOrButton(

if (! empty($target)) {
$tagParams['target'] = $target;
if ($target === '_blank' && str_starts_with($url, 'url.php?')) {
if ($target === '_blank' && str_starts_with($url, 'index.php?route=/url&url=')) {
$tagParams['rel'] = 'noopener noreferrer';
}
}
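Review bot: In `linkOrButton` the `rel="noopener noreferrer"` attribute is now added only when `$url` starts with the exact literal `index.php?route=/url&url=`, which is narrower than the old `url.php?` prefix. A `/url` link whose query carries another parameter before `url`, or which is prefixed with `./` or `../` (as `Core::linkURL` returns in setup mode), would open in `_blank` without `rel`. Whether the `getMessage` call in the first hunk produces the matching shape depends on how `linkOrButton` joins `Url::getFromRoute('/url')` with `['url' => $url]`, which is outside the hunk. Setting the attribute for every `_blank` target avoids coupling it to URL serialisation: `if ($target === '_blank') {`. The `linksOrButtons` provider in GeneratorTest only covers the literal form, so a case built from route plus parameters would be worth adding.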
2 changes: 1 addition & 1 deletion libraries/classes/Sanitize.php
@@ -46,7 +46,7 @@ public static function checkLink($url, $http = false, $other = false): bool
$url = strtolower($url);
$valid_starts = [
'https://',
'./url.php?url=https%3a%2f%2f',
'index.php?route=/url&url=https%3a%2f%2f',
'./doc/html/',
'./index.php?',
];
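Review bot: The new `$valid_starts` entry `index.php?route=/url&url=https%3a%2f%2f` only matches the exact serialisation that `Core::linkURL` emits, while the unchanged `./index.php?` entry two lines below accepts any query string, including a `/url` link with a non-https target. If these strings are used as prefix checks (the rest of `checkLink` is outside the hunk), the https restriction expressed by the new entry is advisory and the real target check has to live in the redirect route. A comment stating the contract would help, e.g. `// Keep in sync with Core::linkURL(); compared after strtolower().`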
2 changes: 1 addition & 1 deletion psalm-baseline.xml
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?>
<files psalm-version="v4.25.0@d7cd84c4ebca74ba3419b9601f81d177bcbe2aac">
<files psalm-version="4.26.0@6998fabb2bf528b65777bf9941920888d23c03ac">
<file src="libraries/classes/Advisory/Advisor.php">
<MixedArgument occurrences="8">
<code>$matches[1]</code>
1 change: 0 additions & 1 deletion psalm.xml
@@ -18,7 +18,6 @@
<file name="js/messages.php"/>
<file name="index.php"/>
<file name="show_config_errors.php"/>
<file name="url.php"/>
<ignoreFiles>
<directory name="vendor"/>
<directory name="libraries/cache"/>
2 changes: 0 additions & 2 deletions scripts/check-release-excludes.sh
@@ -183,8 +183,6 @@ validateExtension() {
;;
index.php)
;;
url.php)
;;
js/messages.php)
;;
config.sample.inc.php)
2 changes: 1 addition & 1 deletion templates/home/index.twig
@@ -18,7 +18,7 @@
{% trans 'phpMyAdmin Demo Server' %}
</div>
<div class="card-body">
{% apply format('<a href="url.php?url=https://demo.phpmyadmin.net/" target="_blank" rel="noopener noreferrer">demo.phpmyadmin.net</a>')|raw %}
{% apply format('<a href="' ~ url('/url', {'url': 'https://demo.phpmyadmin.net/'}) ~ '" target="_blank" rel="noopener noreferrer">demo.phpmyadmin.net</a>')|raw %}
{% trans %}
You are using the demo server. You can do anything here, but please do not change root, debian-sys-maint and pma users. More information is available at %s.
{% endtrans %}
2 changes: 1 addition & 1 deletion templates/login/form.twig
@@ -4,7 +4,7 @@
<div class="card mb-4">
<div class="card-header">{% trans 'phpMyAdmin Demo Server' %}</div>
<div class="card-body">
{% apply format('<a href="url.php?url=https://demo.phpmyadmin.net/" target="_blank" rel="noopener noreferrer">demo.phpmyadmin.net</a>')|raw %}
{% apply format('<a href="' ~ url('/url', {'url': 'https://demo.phpmyadmin.net/'}) ~ '" target="_blank" rel="noopener noreferrer">demo.phpmyadmin.net</a>')|raw %}
{% trans %}
You are using the demo server. You can do anything here, but please do not change root, debian-sys-maint and pma users. More information is available at %s.
{% endtrans %}
4 changes: 2 additions & 2 deletions templates/setup/home/index.twig
@@ -172,8 +172,8 @@
</fieldset>

<div id="footer">
<a href="../url.php?url=https://www.phpmyadmin.net/">{% trans 'phpMyAdmin homepage' %}</a>
<a href="../url.php?url=https://www.phpmyadmin.net/donate/">{% trans 'Donate' %}</a>
<a href="../{{ url('/url', {'url': 'https://www.phpmyadmin.net/'}) }}">{% trans 'phpMyAdmin homepage' %}</a>
<a href="../{{ url('/url', {'url': 'https://www.phpmyadmin.net/donate/'}) }}">{% trans 'Donate' %}</a>
<a href="{{ get_common({'version_check': '1'}) }}">{% trans 'Check for latest version' %}</a>
</div>

12 changes: 6 additions & 6 deletions test/classes/Advisory/AdvisorTest.php
@@ -227,7 +227,7 @@ public function rulesProvider(): array
'justification_formula' => 'value',
'name' => 'Distribution',
'issue' => 'official MySQL binaries.',
'recommendation' => 'See <a href="./url.php?url=https%3A%2F%2F' .
'recommendation' => 'See <a href="index.php?route=/url&url=https%3A%2F%2F' .
'example.com%2F" target="_blank" rel="noopener noreferrer">web</a>',
'id' => 'Distribution',
],
@@ -247,7 +247,7 @@ public function rulesProvider(): array
'justification_formula' => 'ADVISOR_timespanFormat(1377027)',
'name' => 'Distribution',
'issue' => 'official MySQL binaries.',
'recommendation' => 'See <a href="./url.php?url=https%3A%2F%2F' .
'recommendation' => 'See <a href="index.php?route=/url&url=https%3A%2F%2F' .
'example.com%2F" target="_blank" rel="noopener noreferrer">web</a>',
'id' => 'Distribution',
],
@@ -268,9 +268,9 @@ public function rulesProvider(): array
'justification_formula' => 'ADVISOR_formatByteDown(1000000, 2, 2)',
'name' => 'Distribution',
'issue' => 'official MySQL binaries.',
'recommendation' => 'See <a href="./url.php?url=https%3A%2F%2F'
'recommendation' => 'See <a href="index.php?route=/url&url=https%3A%2F%2F'
. 'example.com%2F" target="_blank" rel="noopener noreferrer">web</a>'
. ' and <a href="./url.php?url=https%3A%2F%2Fexample.com%2F" target="_blank"'
. ' and <a href="index.php?route=/url&url=https%3A%2F%2Fexample.com%2F" target="_blank"'
. ' rel="noopener noreferrer">web2</a>',
'id' => 'Distribution',
],
@@ -292,9 +292,9 @@ public function rulesProvider(): array
'name' => 'Distribution',
'issue' => '<a href="index.php?route=/server/variables&filter=long_query_time&lang=en">'
. 'long_query_time</a> is set to 10 seconds or more',
'recommendation' => 'See <a href="./url.php?url=https%3A%2F%2F'
'recommendation' => 'See <a href="index.php?route=/url&url=https%3A%2F%2F'
. 'example.com%2F" target="_blank" rel="noopener noreferrer">web</a>'
. ' and <a href="./url.php?url=https%3A%2F%2Fexample.com%2F" target="_blank"'
. ' and <a href="index.php?route=/url&url=https%3A%2F%2Fexample.com%2F" target="_blank"'
. ' rel="noopener noreferrer">web2</a>',
'id' => 'Distribution',
],
3 changes: 2 additions & 1 deletion test/classes/Config/FormDisplayTest.php
@@ -312,7 +312,8 @@ public function testHasErrors(): void
public function testGetDocLink(): void
{
$this->assertEquals(
'./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fconfig.html%23cfg_Servers_3_test_2_',
'index.php?route=/url&url='
. 'https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fconfig.html%23cfg_Servers_3_test_2_',
$this->object->getDocLink('Servers/3/test/2/')
);

6 changes: 3 additions & 3 deletions test/classes/CoreTest.php
@@ -484,7 +484,7 @@ public function testGetPHPDocLink(): void
$lang = _pgettext('PHP documentation language', 'en');
$this->assertEquals(
Core::getPHPDocLink('function'),
'./url.php?url=https%3A%2F%2Fwww.php.net%2Fmanual%2F'
'index.php?route=/url&url=https%3A%2F%2Fwww.php.net%2Fmanual%2F'
. $lang . '%2Ffunction'
);
}
@@ -512,11 +512,11 @@ public function providerTestLinkURL(): array
return [
[
'https://wiki.phpmyadmin.net',
'./url.php?url=https%3A%2F%2Fwiki.phpmyadmin.net',
'index.php?route=/url&url=https%3A%2F%2Fwiki.phpmyadmin.net',
],
[
'https://wiki.phpmyadmin.net',
'./url.php?url=https%3A%2F%2Fwiki.phpmyadmin.net',
'index.php?route=/url&url=https%3A%2F%2Fwiki.phpmyadmin.net',
],
[
'wiki.phpmyadmin.net',
17 changes: 9 additions & 8 deletions test/classes/Html/GeneratorTest.php
@@ -177,7 +177,7 @@ public function testShowPHPDocumentation(): void

$target = 'docu';
$lang = _pgettext('PHP documentation language', 'en');
$expected = '<a href="./url.php?url=https%3A%2F%2Fwww.php.net%2Fmanual%2F' . $lang
$expected = '<a href="index.php?route=/url&url=https%3A%2F%2Fwww.php.net%2Fmanual%2F' . $lang
. '%2F' . $target . '" target="documentation">'
. '<img src="themes/dot.gif" title="' . __('Documentation') . '" alt="'
. __('Documentation') . '" class="icon ic_b_help"></a>';
@@ -282,14 +282,15 @@ public function linksOrButtons(): array
],
[
[
'url.php?url=http://phpmyadmin.net/',
'index.php?route=/url&url=http://phpmyadmin.net/',
null,
'text',
[],
'_blank',
],
1000,
'<a href="url.php?url=http://phpmyadmin.net/" target="_blank" rel="noopener noreferrer">text</a>',
'<a href="index.php?route=/url&url=http://phpmyadmin.net/" target="_blank"'
. ' rel="noopener noreferrer">text</a>',
],
[
[
@@ -355,12 +356,12 @@ public function testFormatSql(): void
public function testGetServerSSL(): void
{
$sslNotUsed = '<span class="">SSL is not being used</span>'
. ' <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"'
. ' <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"'
. ' target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"'
. ' class="icon ic_b_help"></a>';

$sslNotUsedCaution = '<span class="text-danger">SSL is not being used</span>'
. ' <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"'
. ' <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"'
. ' target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"'
. ' class="icon ic_b_help"></a>';

@@ -414,7 +415,7 @@ public function testGetServerSSL(): void

$this->assertEquals(
'<span class="text-danger">SSL is used with disabled verification</span>'
. ' <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"'
. ' <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"'
. ' target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"'
. ' class="icon ic_b_help"></a>',
Generator::getServerSSL()
@@ -428,7 +429,7 @@ public function testGetServerSSL(): void

$this->assertEquals(
'<span class="text-danger">SSL is used without certification authority</span>'
. ' <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"'
. ' <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"'
. ' target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"'
. ' class="icon ic_b_help"></a>',
Generator::getServerSSL()
@@ -443,7 +444,7 @@ public function testGetServerSSL(): void

$this->assertEquals(
'<span class="">SSL is used</span>'
. ' <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"'
. ' <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"'
. ' target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"'
. ' class="icon ic_b_help"></a>',
Generator::getServerSSL()
2 changes: 1 addition & 1 deletion test/classes/Html/MySQLDocumentationTest.php
@@ -18,7 +18,7 @@ public function testShowDocumentation(): void
$GLOBALS['cfg']['ServerDefault'] = 1;

$this->assertEquals(
'<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen'
'<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen'
. '%2Flatest%2Fpage.html%23anchor" target="documentation"><img src="themes/dot.gif"'
. ' title="Documentation" alt="Documentation" class="icon ic_b_help"></a>',
MySQLDocumentation::showDocumentation('page', 'anchor')
10 changes: 5 additions & 5 deletions test/classes/MessageTest.php
@@ -352,27 +352,27 @@ public function decodeBBDataProvider(): array
],
[
'[a@https://example.com/@Documentation]link[/a]',
'<a href="./url.php?url=https%3A%2F%2Fexample.com%2F" target="Documentation">link</a>',
'<a href="index.php?route=/url&url=https%3A%2F%2Fexample.com%2F" target="Documentation">link</a>',
],
[
'[a@./non-existing@Documentation]link[/a]',
'[a@./non-existing@Documentation]link</a>',
],
[
'[doc@foo]link[/doc]',
'<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F'
'<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F'
. 'latest%2Fsetup.html%23foo" '
. 'target="documentation">link</a>',
],
[
'[doc@page@anchor]link[/doc]',
'<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F'
'<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F'
. 'latest%2Fpage.html%23anchor" '
. 'target="documentation">link</a>',
],
[
'[doc@faqmysql]link[/doc]',
'<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F'
'<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F'
. 'latest%2Ffaq.html%23faqmysql" '
. 'target="documentation">link</a>',
],
@@ -463,7 +463,7 @@ public function testGetMessageWithMessageWithBBCode(): void
{
$this->object->setMessage('[kbd]test[/kbd] [doc@cfg_Example]test[/doc]');
$this->assertEquals(
'<kbd>test</kbd> <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.'
'<kbd>test</kbd> <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.'
. 'net%2Fen%2Flatest%2Fconfig.html%23cfg_Example"'
. ' target="documentation">test</a>',
$this->object->getMessage()
