From 5e9cf1807372f56a251df1d1ec36d33e5ffd7e29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Tue, 11 Feb 2014 09:13:28 +0100
Subject: [PATCH] Improvements in URL redirector

- do not concatenate message to allow better translation
- avoid possbile XSS
---
 url.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/url.php b/url.php
index 764b81cb7379..ea61c35dae44 100644
--- a/url.php
+++ b/url.php
@@ -25,11 +25,11 @@
 // external site.
 echo "";
 // Display redirecting msg on screen.
- echo __('Taking you to ') . ($_GET['url']);
+ printf(__('Taking you to %s.'), htmlspecialchars($_GET['url']));
 } else {
 header('Location: ' . $cfg['PmaAbsoluteUri']);
 }
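Review bot: In the added `printf(...)` line, `htmlspecialchars($_GET['url'])` relies on default flags and charset, which is adequate only for the HTML text node printed here; spelling the context out as `htmlspecialchars($_GET['url'], ENT_QUOTES, 'UTF-8')` keeps the output safe if the message is later moved into a quoted attribute, since the default before PHP 8.1 (`ENT_COMPAT`) leaves single quotes unescaped. The diffstat reports 2 insertions and 2 deletions but only one changed pair is visible, and the `echo "";` context line looks truncated, so a second change (presumably to the redirect markup) cannot be reviewed from this page; if that line places the URL inside a JavaScript string, HTML escaping is the wrong encoder and `json_encode()` with `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` would be the usual choice. The `if` that validates `$_GET['url']` starts outside the hunk, so whether the value is guaranteed to be a string with an http(s) scheme is not confirmed here.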