Improve URL filtering in url.php

nijel · nijel · commit 88c72dc8dfc7 · 2016-07-18T16:39:59.000+02:00
Signed-off-by: Michal Čihař &lt;michal@cihar.com&gt;
diff --git a/libraries/core.lib.php b/libraries/core.lib.php
@@ -845,6 +845,10 @@ function PMA_linkURL($url)
 function PMA_isAllowedDomain($url)
 {
     $arr = parse_url($url);
+    // Avoid URLs without hostname or with credentials
+    if (empty($arr['host']) || ! empty($arr['user']) || ! empty($arr['pass'])) {
+        return false;
+    }
     $domain = $arr["host"];
     $domainWhiteList = array(
         /* Include current domain */
