From ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <mcihar@novell.com>
Date: Fri, 20 May 2011 09:01:20 +0200
Subject: [PATCH] Make redirector require valid token

---
 libraries/common.inc.php | 2 --
 libraries/core.lib.php   | 7 +++++--
 url.php                  | 6 ++----
 3 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/libraries/common.inc.php b/libraries/common.inc.php
index 49937c8ed..7d71993ea 100644
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -477,8 +477,6 @@ if (! PMA_isValid($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['
         'media_type', 'custom_type', 'bs_reference',
         /* for changing BLOB repository file MIME type */
         'bs_db', 'bs_table', 'bs_ref', 'bs_new_mime_type',
-        /* URL redirector */
-        'url'
     );
     /**
      * Require cleanup functions
diff --git a/libraries/core.lib.php b/libraries/core.lib.php
index 76d2c8612..1152d6ab1 100644
--- a/libraries/core.lib.php
+++ b/libraries/core.lib.php
@@ -681,12 +681,15 @@ function PMA_array_remove($path, &$array)
  * @return string URL for a link.
  */
 function PMA_linkURL($url) {
+    $params = array();
+    $params['url'] = $url;
+    $goto = 'url.php' . PMA_generate_common_url($params);
     if (!preg_match('#^https?://#', $url)) {
         return $url;
     } elseif (defined('PMA_SETUP')) {
-        return '../url.php?url=' . $url;
+        return '../' . $goto;
     } else {
-        return './url.php?url=' . $url;
+        return './' . $goto;
     }
 }
 
diff --git a/url.php b/url.php
index ec0ab39a0..5088eff2c 100644
--- a/url.php
+++ b/url.php
@@ -3,16 +3,14 @@
  * URL redirector to avoid leaking Referer with some sensitive information.
  */
 
-define('PMA_MINIMUM_COMMON', TRUE);
-
 /**
  * Gets core libraries and defines some variables
  */
 require_once './libraries/common.inc.php';
 
-if (empty($GLOBALS['url']) || ! preg_match('/^https?:\/\/[^\n\r]*$/', $GLOBALS['url'])) {
+if (! PMA_isValid($_GET['url']) || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url'])) {
     header('Location: ' . $cfg['PmaAbsoluteUri']);
 } else {
-    header('Location: ' . $GLOBALS['url']);
+    header('Location: ' . $_GET['url']);
 }
 ?>