[security] Redirect external links to avoid Referer leakage.

Michal Čihař
2011-01-28 13:13:22 +01:00
parent 87b0c30747
commit dc0c6938b2
15 changed files with 60 additions and 31 deletions


@@ -419,13 +419,13 @@ function PMA_showMySQLDocu($chapter, $link, $big_icon = false, $anchor = '', $ju
}
if ($just_open) {
return '<a href="' . $url . '" target="mysql_doc">';
return '<a href="./url.php?url=' . $url . '" target="mysql_doc">';
} elseif ($big_icon) {
return '<a href="' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_sqlhelp.png" width="16" height="16" alt="' . __('Documentation') . '" title="' . __('Documentation') . '" /></a>';
return '<a href="./url.php?url=' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_sqlhelp.png" width="16" height="16" alt="' . __('Documentation') . '" title="' . __('Documentation') . '" /></a>';
} elseif ($GLOBALS['cfg']['ReplaceHelpImg']) {
return '<a href="' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_help.png" width="11" height="11" alt="' . __('Documentation') . '" title="' . __('Documentation') . '" /></a>';
return '<a href="./url.php?url=' . $url . '" target="mysql_doc"><img class="icon" src="' . $GLOBALS['pmaThemeImage'] . 'b_help.png" width="11" height="11" alt="' . __('Documentation') . '" title="' . __('Documentation') . '" /></a>';
} else {
return '[<a href="' . $url . '" target="mysql_doc">' . __('Documentation') . '</a>]';
return '[<a href="./url.php?url=' . $url . '" target="mysql_doc">' . __('Documentation') . '</a>]';
}
} // end of the 'PMA_showMySQLDocu()' function
@@ -2425,7 +2425,7 @@ function PMA_getDbLink($database = null)
function PMA_externalBug($functionality, $component, $minimum_version, $bugref)
{
if ($component == 'mysql' && PMA_MYSQL_INT_VERSION < $minimum_version) {
echo PMA_showHint(sprintf(__('The %s functionality is affected by a known bug, see %s'), $functionality, 'http://bugs.mysql.com/' . $bugref));
echo PMA_showHint(sprintf(__('The %s functionality is affected by a known bug, see %s'), $functionality, './url.php?url=http://bugs.mysql.com/' . $bugref));
}
}
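Review bot: The four new hrefs in PMA_showMySQLDocu, and the hint URL in PMA_externalBug, append the target to `./url.php?url=` without encoding it. Any `&` or `#` in `$url` is then parsed as part of the url.php request instead of the target; the function takes an `$anchor` argument, so if the anchor is carried as a fragment it would be dropped before the redirect. Encode the value at each site, e.g. `return '<a href="./url.php?url=' . urlencode($url) . '" target="mysql_doc">';` and `'./url.php?url=' . urlencode('http://bugs.mysql.com/' . $bugref)`. url.php is not visible in this section; it should redirect only to an allow-list of expected documentation and bug-tracker hosts, otherwise the Referer fix leaves an open redirect on the phpMyAdmin origin. The start of PMA_showMySQLDocu, where `$url` is built, lies outside the hunk.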