[security] Redirect external links to avoid Referer leakage.

2011-01-28 13:13:22 +01:00
parent 87b0c30747
commit dc0c6938b2
15 changed files with 60 additions and 31 deletions
--- a/url.php
+++ b/url.php
@@ -0,0 +1,18 @@
+<?php
+/**
+ * URL redirector to avoid leaking Referer with some sensitive information.
+ */
+
+/**
+ * Gets core libraries and defines some variables
+ */
+require_once './libraries/common.inc.php';
+
+PMA_checkParameters(array('url'));
+
+if (! preg_match('/^https?:\/\/[^\n\r]*$/', $GLOBALS['url'])) {
+    header('Location: ' . $cfg['PmaAbsoluteUri']);
+} else {
+    header('Location: ' . $GLOBALS['url']);
+}
+?>