Make redirector require valid token

libraries/common.inc.php

@@ -477,8 +477,6 @@ if (! PMA_isValid($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['
         'media_type', 'custom_type', 'bs_reference',
         /* for changing BLOB repository file MIME type */
         'bs_db', 'bs_table', 'bs_ref', 'bs_new_mime_type',
-        /* URL redirector */
-        'url'
     );
     /**
      * Require cleanup functions

libraries/core.lib.php

@@ -681,12 +681,15 @@ function PMA_array_remove($path, &$array)
  * @return string URL for a link.
  */
 function PMA_linkURL($url) {
+    $params = array();
+    $params['url'] = $url;
+    $goto = 'url.php' . PMA_generate_common_url($params);
     if (!preg_match('#^https?://#', $url)) {
         return $url;
     } elseif (defined('PMA_SETUP')) {
-        return '../url.php?url=' . $url;
+        return '../' . $goto;
     } else {
-        return './url.php?url=' . $url;
+        return './' . $goto;
     }
 }
 

url.php

@@ -3,16 +3,14 @@
  * URL redirector to avoid leaking Referer with some sensitive information.
  */
 
-define('PMA_MINIMUM_COMMON', TRUE);
-
 /**
  * Gets core libraries and defines some variables
  */
 require_once './libraries/common.inc.php';
 
-if (empty($GLOBALS['url']) || ! preg_match('/^https?:\/\/[^\n\r]*$/', $GLOBALS['url'])) {
+if (! PMA_isValid($_GET['url']) || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url'])) {
     header('Location: ' . $cfg['PmaAbsoluteUri']);
 } else {
-    header('Location: ' . $GLOBALS['url']);
+    header('Location: ' . $_GET['url']);
 }
 ?>