
Make redirector require valid token

1 parent 32d8446 commit ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d @nijel nijel committed
Showing with 7 additions and 8 deletions.
  1. +0 −2 libraries/common.inc.php
  2. +5 −2 libraries/core.lib.php
  3. +2 −4 url.php
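--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -477,8 +477,6 @@
 'media_type', 'custom_type', 'bs_reference',
 /* for changing BLOB repository file MIME type */
 'bs_db', 'bs_table', 'bs_ref', 'bs_new_mime_type',
- /* URL redirector */
- 'url'
 );
 /**
 * Require cleanup functions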
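--- a/libraries/core.lib.php
+++ b/libraries/core.lib.php
@@ -681,12 +681,15 @@ function PMA_array_remove($path, &$array)
 * @return string URL for a link.
 */
 function PMA_linkURL($url) {
+ $params = array();
+ $params['url'] = $url;
+ $goto = 'url.php' . PMA_generate_common_url($params);
 if (!preg_match('#^https?://#', $url)) {
 return $url;
 } elseif (defined('PMA_SETUP')) {
- return '../url.php?url=' . $url;
+ return '../' . $goto;
 } else {
- return './url.php?url=' . $url;
+ return './' . $goto;
 }
 }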
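Review bot: `$params` and `$goto` are built at the top of PMA_linkURL, before the `preg_match('#^https?://#', $url)` guard, so the redirector URL is generated even for links that are returned unchanged. Moving the three added lines below the early `return $url;` would keep that path free of the helper call and make it clear that only external http(s) links are routed through url.php. The docblock, which starts outside the hunk, should also state that the returned link now carries the parameters added by PMA_generate_common_url (presumably including the token url.php now requires), for example `@return string URL for a link, routed through url.php with common parameters for external targets`.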
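--- a/url.php
+++ b/url.php
@@ -3,16 +3,14 @@
 * URL redirector to avoid leaking Referer with some sensitive information.
 */
-define('PMA_MINIMUM_COMMON', TRUE);
-
 /**
 * Gets core libraries and defines some variables
 */
 require_once './libraries/common.inc.php';
-if (empty($GLOBALS['url']) || ! preg_match('/^https?:\/\/[^\n\r]*$/', $GLOBALS['url'])) {
+if (! PMA_isValid($_GET['url']) || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url'])) {
 header('Location: ' . $cfg['PmaAbsoluteUri']);
 } else {
- header('Location: ' . $GLOBALS['url']);
+ header('Location: ' . $_GET['url']);
 }
 ?>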
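Review bot: The validation regex on the added `if` line ends with `$`, which in PCRE also matches just before a final newline, so a `url` value ending in `\n` passes the check and is then concatenated into `header('Location: ' . $_GET['url'])`. Anchoring at the true end of the string, as in `preg_match('/^https?:\/\/[^\n\r]*\z/', $_GET['url'])` (or adding the `D` modifier), makes the no-CR/LF intent hold for the whole value. Nothing in url.php shows where the token is enforced, so a comment above the check would help, such as `// common.inc.php drops 'url' from the request when the token is invalid`, assuming that is how removing `'url'` from the list in common.inc.php takes effect.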
