[security] Redirect external links to avoid Referer leakage.

libraries/config/FormDisplay.class.php

@@ -681,7 +681,7 @@ class FormDisplay
         if ($test == 'Export') {
             $opt_name = substr($opt_name, 7);
         }
-        return 'http://wiki.phpmyadmin.net/pma/Config#' . $opt_name;
+        return './url.php?url=http://wiki.phpmyadmin.net/pma/Config#' . $opt_name;
     }
 
     /**
@@ -774,4 +774,4 @@ class FormDisplay
         }
     }
 }
-?>
+?>

libraries/config/config_functions.lib.php

@@ -91,10 +91,14 @@ function PMA_lang_link_replace($link, $text)
         $separator = PMA_get_arg_separator('html');
     }
 
-    if (!preg_match('#^http://#', $link)) {
+    if (!preg_match('#^https?://#', $link)) {
         $link = str_replace('&', $separator, $link);
+    } elseif (defined('PMA_SETUP')) {
+        $link = '../url.php?url=' . $link;
+    } else {
+        $link = './url.php?url=' . $link;
     }
 
     return '<a href="' . $link . '">' . $text . '</a>';
 }
-?>
+?>