author | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2022-08-06 21:02:49 +0300 |
---|---|---|
committer | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2022-08-06 21:02:49 +0300 |
commit | 75cf045fa3ec32d2a82b086d5516315b8fc38afe (patch) | |
tree | 1c54d81edc312230d357b01c78d85a64d43a6a47 | |
parent | 31511720730dba86476f7fff3fb2c3ef443c17f7 (diff) |
Extract url.php entry point into a route
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
-rw-r--r-- | js/src/modules/git-info.js | 2 | ||||
-rw-r--r-- | libraries/classes/Common.php | 6 | ||||
-rw-r--r-- | libraries/classes/Controllers/ChangeLogController.php | 20 | ||||
-rw-r--r-- | libraries/classes/Core.php | 4 | ||||
-rw-r--r-- | libraries/classes/Html/Generator.php | 6 | ||||
-rw-r--r-- | libraries/classes/Sanitize.php | 2 | ||||
-rw-r--r-- | psalm-baseline.xml | 2 | ||||
-rw-r--r-- | psalm.xml | 1 | ||||
-rwxr-xr-x | scripts/check-release-excludes.sh | 2 | ||||
-rw-r--r-- | templates/home/index.twig | 2 | ||||
-rw-r--r-- | templates/login/form.twig | 2 | ||||
-rw-r--r-- | templates/setup/home/index.twig | 4 | ||||
-rw-r--r-- | test/classes/Advisory/AdvisorTest.php | 12 | ||||
-rw-r--r-- | test/classes/Config/FormDisplayTest.php | 3 | ||||
-rw-r--r-- | test/classes/CoreTest.php | 6 | ||||
-rw-r--r-- | test/classes/Html/GeneratorTest.php | 17 | ||||
-rw-r--r-- | test/classes/Html/MySQLDocumentationTest.php | 2 | ||||
-rw-r--r-- | test/classes/MessageTest.php | 10 | ||||
-rw-r--r-- | test/classes/Plugins/Auth/AuthenticationConfigTest.php | 2 | ||||
-rw-r--r-- | test/classes/SanitizeTest.php | 10 | ||||
-rw-r--r-- | url.php | 42 |
21 files changed, 61 insertions, 96 deletions
diff --git a/js/src/modules/git-info.js b/js/src/modules/git-info.js index 792053a5e9..19c06f85dc 100644 --- a/js/src/modules/git-info.js +++ b/js/src/modules/git-info.js @@ -43,7 +43,7 @@ const GitInfo = { if (data && data.version && data.date) { const current = GitInfo.parseVersionString($('span.version').text()); const latest = GitInfo.parseVersionString(data.version); - const url = './url.php?url=https://www.phpmyadmin.net/files/' + Functions.escapeHtml(encodeURIComponent(data.version)) + '/'; + const url = 'index.php?route=/url&url=https://www.phpmyadmin.net/files/' + Functions.escapeHtml(encodeURIComponent(data.version)) + '/'; let versionInformationMessage = document.createElement('span'); versionInformationMessage.className = 'latest'; const versionInformationMessageLink = document.createElement('a'); diff --git a/libraries/classes/Common.php b/libraries/classes/Common.php index 496e166a6c..706074dc33 100644 --- a/libraries/classes/Common.php +++ b/libraries/classes/Common.php @@ -95,7 +95,7 @@ final class Common $request = self::getRequest(); $route = $request->getRoute(); - if ($route === '/import-status') { + if ($route === '/import-status' || $route === '/url') { $GLOBALS['isMinimumCommon'] = true; } @@ -209,6 +209,10 @@ final class Common $GLOBALS['containerBuilder']->set('theme_manager', ThemeManager::getInstance()); Tracker::enable(); + if ($route === '/url') { + UrlRedirector::redirect(); + } + return; } diff --git a/libraries/classes/Controllers/ChangeLogController.php b/libraries/classes/Controllers/ChangeLogController.php index b1b96813df..d1f5b667c5 100644 --- a/libraries/classes/Controllers/ChangeLogController.php +++ b/libraries/classes/Controllers/ChangeLogController.php @@ -8,6 +8,7 @@ declare(strict_types=1); namespace PhpMyAdmin\Controllers; use PhpMyAdmin\Http\ServerRequest; +use PhpMyAdmin\Url; use function __; use function array_keys; 
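Review bot: In the second Common.php hunk, `UrlRedirector::redirect()` runs on the `isMinimumCommon` path and is followed only by `return;`, so what happens to a missing or rejected `url` parameter depends on a method whose body this diff does not show. If redirect() can return without ending the request, `Common::run()` returns and the caller presumably goes on to dispatch `/url` as an ordinary route. A comment above the call would record the contract, for example `// /url is served from the minimal bootstrap: redirect() must validate the target and end the request here`, to be confirmed against UrlRedirector. The enclosing method starts and ends outside both hunks.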
@@ -64,30 +65,34 @@ class ChangeLogController extends AbstractController $faq_url = 'https://docs.phpmyadmin.net/en/latest/faq.html'; $replaces = [ - '@(https?://[./a-zA-Z0-9.-_-]*[/a-zA-Z0-9_])@' => '<a href="url.php?url=\\1">\\1</a>', + '@(https?://[./a-zA-Z0-9.-_-]*[/a-zA-Z0-9_])@' => '<a href="' + . Url::getFromRoute('/url') . '&url=\\1">\\1</a>', // mail address '/([0-9]{4}-[0-9]{2}-[0-9]{2}) (.+[^ ]) +<(.*@.*)>/i' => '\\1 <a href="mailto:\\3">\\2</a>', // FAQ entries - '/FAQ ([0-9]+)\.([0-9a-z]+)/i' => '<a href="url.php?url=' . $faq_url . '#faq\\1-\\2">FAQ \\1.\\2</a>', + '/FAQ ([0-9]+)\.([0-9a-z]+)/i' => '<a href="' + . Url::getFromRoute('/url') . '&url=' . $faq_url . '#faq\\1-\\2">FAQ \\1.\\2</a>', // GitHub issues - '/issue\s*#?([0-9]{4,5}) /i' => '<a href="url.php?url=' . $github_url . 'issues/\\1">issue #\\1</a> ', + '/issue\s*#?([0-9]{4,5}) /i' => '<a href="' + . Url::getFromRoute('/url') . '&url=' . $github_url . 'issues/\\1">issue #\\1</a> ', // CVE/CAN entries - '/((CAN|CVE)-[0-9]+-[0-9]+)/' => '<a href="url.php?url=' + '/((CAN|CVE)-[0-9]+-[0-9]+)/' => '<a href="' . Url::getFromRoute('/url') . '&url=' . 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=\\1">\\1</a>', // PMASAentries - '/(PMASA-[0-9]+-[0-9]+)/' => '<a href="url.php?url=https://www.phpmyadmin.net/security/\\1/">\\1</a>', + '/(PMASA-[0-9]+-[0-9]+)/' => '<a href="' + . Url::getFromRoute('/url') . '&url=https://www.phpmyadmin.net/security/\\1/">\\1</a>', // Highlight releases (with links) '/([0-9]+)\.([0-9]+)\.([0-9]+)\.0 (\([0-9-]+\))/' => '<a id="\\1_\\2_\\3"></a>' - . '<a href="url.php?url=' . $github_url . 'commits/RELEASE_\\1_\\2_\\3">' + . '<a href="' . Url::getFromRoute('/url') . '&url=' . $github_url . 'commits/RELEASE_\\1_\\2_\\3">' . '\\1.\\2.\\3.0 \\4</a>', '/([0-9]+)\.([0-9]+)\.([0-9]+)\.([1-9][0-9]*) (\([0-9-]+\))/' => '<a id="\\1_\\2_\\3_\\4"></a>' - . '<a href="url.php?url=' . $github_url . 'commits/RELEASE_\\1_\\2_\\3_\\4">' + . '<a href="' . Url::getFromRoute('/url') . 
'&url=' . $github_url . 'commits/RELEASE_\\1_\\2_\\3_\\4">' . '\\1.\\2.\\3.\\4 \\5</a>', // Highlight releases (not linkable) @@ -95,7 +100,6 @@ class ChangeLogController extends AbstractController // Links target and rel '/a href="/' => 'a target="_blank" rel="noopener noreferrer" href="', - ]; $this->response->header('Content-type: text/html; charset=utf-8'); diff --git a/libraries/classes/Core.php b/libraries/classes/Core.php index 2ecff03c31..94b5b6ff3d 100644 --- a/libraries/classes/Core.php +++ b/libraries/classes/Core.php @@ -633,10 +633,10 @@ class Core $query = http_build_query(['url' => $vars['url']]); if ($GLOBALS['config'] !== null && $GLOBALS['config']->get('is_setup')) { - return '../url.php?' . $query; + return '../index.php?route=/url&' . $query; } - return './url.php?' . $query; + return 'index.php?route=/url&' . $query; } /** diff --git a/libraries/classes/Html/Generator.php b/libraries/classes/Html/Generator.php index 746f012589..da73100420 100644 --- a/libraries/classes/Html/Generator.php +++ b/libraries/classes/Html/Generator.php @@ -636,8 +636,8 @@ class Generator . urlencode(self::generateRowQueryOutput($sqlQuery)); $explainLink .= ' [' . self::linkOrButton( - htmlspecialchars('url.php?url=' . urlencode($url)), - null, + Url::getFromRoute('/url'), + ['url' => $url], sprintf(__('Analyze Explain at %s'), 'mariadb.org'), [], '_blank', @@ -1071,7 +1071,7 @@ class Generator if (! empty($target)) { $tagParams['target'] = $target; - if ($target === '_blank' && str_starts_with($url, 'url.php?')) { + if ($target === '_blank' && str_starts_with($url, 'index.php?route=/url&url=')) { $tagParams['rel'] = 'noopener noreferrer'; } } diff --git a/libraries/classes/Sanitize.php b/libraries/classes/Sanitize.php index f8366aec60..056459767e 100644 --- a/libraries/classes/Sanitize.php +++ b/libraries/classes/Sanitize.php 
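Review bot: `Url::getFromRoute('/url') . '&url='` is now repeated in seven replacement strings of `$replaces`, and each one feeds the helper's output straight into a `preg_replace` replacement and an `href` attribute, with the captured URL appended unencoded. Hoisting it once, `$urlRoute = Url::getFromRoute('/url') . '&url=';`, keeps each entry short and gives a single place to escape the prefix if getFromRoute() ever returns characters that matter in either context (its output is not visible here). The first pattern's class `[./a-zA-Z0-9.-_-]` contains the range `.-_`, which also admits `<`, `>` and `?`; that is unchanged by this commit but deserves a comment, since the match lands in `href`. The enclosing method continues outside the hunk.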
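Review bot: The `rel="noopener noreferrer"` guard in the `@@ -1071` hunk now requires `$url` to start with exactly `index.php?route=/url&url=`, whereas the old `url.php?` prefix matched regardless of parameter order. The first Generator.php hunk passes `Url::getFromRoute('/url')` plus `['url' => $url]` to `linkOrButton()`, and the AdvisorTest expectations on this page show generated URLs carrying `&lang=en`; if getFromRoute() emits such common parameters ahead of `url=` (its body is not visible), `_blank` redirect links would lose `rel`. Matching on the route alone, `str_starts_with($url, 'index.php?route=/url&')`, avoids depending on the order, and a GeneratorTest case with an extra parameter before `url` would pin it. The `$valid_starts` entry added in Sanitize.php has the same ordering dependency, though a mismatch there appears to reject the link rather than drop a protection. Both Generator methods start and end outside their hunks.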
@@ -46,7 +46,7 @@ class Sanitize $url = strtolower($url); $valid_starts = [ 'https://', - './url.php?url=https%3a%2f%2f', + 'index.php?route=/url&url=https%3a%2f%2f', './doc/html/', './index.php?', ]; diff --git a/psalm-baseline.xml b/psalm-baseline.xml index c6df54e6e3..b071d0db63 100644 --- a/psalm-baseline.xml +++ b/psalm-baseline.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> -<files psalm-version="v4.25.0@d7cd84c4ebca74ba3419b9601f81d177bcbe2aac"> +<files psalm-version="4.26.0@6998fabb2bf528b65777bf9941920888d23c03ac"> <file src="libraries/classes/Advisory/Advisor.php"> <MixedArgument occurrences="8"> <code>$matches[1]</code> @@ -18,7 +18,6 @@ <file name="js/messages.php"/> <file name="index.php"/> <file name="show_config_errors.php"/> - <file name="url.php"/> <ignoreFiles> <directory name="vendor"/> <directory name="libraries/cache"/> diff --git a/scripts/check-release-excludes.sh b/scripts/check-release-excludes.sh index 9c23a6d791..0d945400d6 100755 --- a/scripts/check-release-excludes.sh +++ b/scripts/check-release-excludes.sh @@ -183,8 +183,6 @@ validateExtension() { ;; index.php) ;; - url.php) - ;; js/messages.php) ;; config.sample.inc.php) diff --git a/templates/home/index.twig b/templates/home/index.twig index 9e089f840c..1d0a3f36dc 100644 --- a/templates/home/index.twig +++ b/templates/home/index.twig @@ -18,7 +18,7 @@ {% trans 'phpMyAdmin Demo Server' %} </div> <div class="card-body"> - {% apply format('<a href="url.php?url=https://demo.phpmyadmin.net/" target="_blank" rel="noopener noreferrer">demo.phpmyadmin.net</a>')|raw %} + {% apply format('<a href="' ~ url('/url', {'url': 'https://demo.phpmyadmin.net/'}) ~ '" target="_blank" rel="noopener noreferrer">demo.phpmyadmin.net</a>')|raw %} {% trans %} You are using the demo server. You can do anything here, but please do not change root, debian-sys-maint and pma users. More information is available at %s. {% endtrans %} 
diff --git a/templates/login/form.twig b/templates/login/form.twig index 2f0c915a32..4770ea8e67 100644 --- a/templates/login/form.twig +++ b/templates/login/form.twig @@ -4,7 +4,7 @@ <div class="card mb-4"> <div class="card-header">{% trans 'phpMyAdmin Demo Server' %}</div> <div class="card-body"> - {% apply format('<a href="url.php?url=https://demo.phpmyadmin.net/" target="_blank" rel="noopener noreferrer">demo.phpmyadmin.net</a>')|raw %} + {% apply format('<a href="' ~ url('/url', {'url': 'https://demo.phpmyadmin.net/'}) ~ '" target="_blank" rel="noopener noreferrer">demo.phpmyadmin.net</a>')|raw %} {% trans %} You are using the demo server. You can do anything here, but please do not change root, debian-sys-maint and pma users. More information is available at %s. {% endtrans %} diff --git a/templates/setup/home/index.twig b/templates/setup/home/index.twig index 6afaebdc99..a3ede4e973 100644 --- a/templates/setup/home/index.twig +++ b/templates/setup/home/index.twig @@ -172,8 +172,8 @@ </fieldset> <div id="footer"> - <a href="../url.php?url=https://www.phpmyadmin.net/">{% trans 'phpMyAdmin homepage' %}</a> - <a href="../url.php?url=https://www.phpmyadmin.net/donate/">{% trans 'Donate' %}</a> + <a href="../{{ url('/url', {'url': 'https://www.phpmyadmin.net/'}) }}">{% trans 'phpMyAdmin homepage' %}</a> + <a href="../{{ url('/url', {'url': 'https://www.phpmyadmin.net/donate/'}) }}">{% trans 'Donate' %}</a> <a href="{{ get_common({'version_check': '1'}) }}">{% trans 'Check for latest version' %}</a> </div> diff --git a/test/classes/Advisory/AdvisorTest.php b/test/classes/Advisory/AdvisorTest.php index 468f425c51..25f849be6a 100644 --- a/test/classes/Advisory/AdvisorTest.php +++ b/test/classes/Advisory/AdvisorTest.php 
@@ -227,7 +227,7 @@ class AdvisorTest extends AbstractTestCase 'justification_formula' => 'value', 'name' => 'Distribution', 'issue' => 'official MySQL binaries.', - 'recommendation' => 'See <a href="./url.php?url=https%3A%2F%2F' . + 'recommendation' => 'See <a href="index.php?route=/url&url=https%3A%2F%2F' . 'example.com%2F" target="_blank" rel="noopener noreferrer">web</a>', 'id' => 'Distribution', ], @@ -247,7 +247,7 @@ class AdvisorTest extends AbstractTestCase 'justification_formula' => 'ADVISOR_timespanFormat(1377027)', 'name' => 'Distribution', 'issue' => 'official MySQL binaries.', - 'recommendation' => 'See <a href="./url.php?url=https%3A%2F%2F' . + 'recommendation' => 'See <a href="index.php?route=/url&url=https%3A%2F%2F' . 'example.com%2F" target="_blank" rel="noopener noreferrer">web</a>', 'id' => 'Distribution', ], @@ -268,9 +268,9 @@ class AdvisorTest extends AbstractTestCase 'justification_formula' => 'ADVISOR_formatByteDown(1000000, 2, 2)', 'name' => 'Distribution', 'issue' => 'official MySQL binaries.', - 'recommendation' => 'See <a href="./url.php?url=https%3A%2F%2F' + 'recommendation' => 'See <a href="index.php?route=/url&url=https%3A%2F%2F' . 'example.com%2F" target="_blank" rel="noopener noreferrer">web</a>' - . ' and <a href="./url.php?url=https%3A%2F%2Fexample.com%2F" target="_blank"' + . ' and <a href="index.php?route=/url&url=https%3A%2F%2Fexample.com%2F" target="_blank"' . ' rel="noopener noreferrer">web2</a>', 'id' => 'Distribution', ], 
@@ -292,9 +292,9 @@ class AdvisorTest extends AbstractTestCase 'name' => 'Distribution', 'issue' => '<a href="index.php?route=/server/variables&filter=long_query_time&lang=en">' . 'long_query_time</a> is set to 10 seconds or more', - 'recommendation' => 'See <a href="./url.php?url=https%3A%2F%2F' + 'recommendation' => 'See <a href="index.php?route=/url&url=https%3A%2F%2F' . 'example.com%2F" target="_blank" rel="noopener noreferrer">web</a>' - . ' and <a href="./url.php?url=https%3A%2F%2Fexample.com%2F" target="_blank"' + . ' and <a href="index.php?route=/url&url=https%3A%2F%2Fexample.com%2F" target="_blank"' . ' rel="noopener noreferrer">web2</a>', 'id' => 'Distribution', ], diff --git a/test/classes/Config/FormDisplayTest.php b/test/classes/Config/FormDisplayTest.php index 7c0e4b2442..e89974f994 100644 --- a/test/classes/Config/FormDisplayTest.php +++ b/test/classes/Config/FormDisplayTest.php @@ -312,7 +312,8 @@ class FormDisplayTest extends AbstractTestCase public function testGetDocLink(): void { $this->assertEquals( - './url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fconfig.html%23cfg_Servers_3_test_2_', + 'index.php?route=/url&url=' + . 'https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fconfig.html%23cfg_Servers_3_test_2_', $this->object->getDocLink('Servers/3/test/2/') ); diff --git a/test/classes/CoreTest.php b/test/classes/CoreTest.php index e0bcd4531e..d61c6533df 100644 --- a/test/classes/CoreTest.php +++ b/test/classes/CoreTest.php @@ -484,7 +484,7 @@ class CoreTest extends AbstractNetworkTestCase $lang = _pgettext('PHP documentation language', 'en'); $this->assertEquals( Core::getPHPDocLink('function'), - './url.php?url=https%3A%2F%2Fwww.php.net%2Fmanual%2F' + 'index.php?route=/url&url=https%3A%2F%2Fwww.php.net%2Fmanual%2F' . $lang . '%2Ffunction' ); } 
@@ -512,11 +512,11 @@ class CoreTest extends AbstractNetworkTestCase return [ [ 'https://wiki.phpmyadmin.net', - './url.php?url=https%3A%2F%2Fwiki.phpmyadmin.net', + 'index.php?route=/url&url=https%3A%2F%2Fwiki.phpmyadmin.net', ], [ 'https://wiki.phpmyadmin.net', - './url.php?url=https%3A%2F%2Fwiki.phpmyadmin.net', + 'index.php?route=/url&url=https%3A%2F%2Fwiki.phpmyadmin.net', ], [ 'wiki.phpmyadmin.net', diff --git a/test/classes/Html/GeneratorTest.php b/test/classes/Html/GeneratorTest.php index d05fc57571..39f3ee6b8a 100644 --- a/test/classes/Html/GeneratorTest.php +++ b/test/classes/Html/GeneratorTest.php @@ -177,7 +177,7 @@ class GeneratorTest extends AbstractTestCase $target = 'docu'; $lang = _pgettext('PHP documentation language', 'en'); - $expected = '<a href="./url.php?url=https%3A%2F%2Fwww.php.net%2Fmanual%2F' . $lang + $expected = '<a href="index.php?route=/url&url=https%3A%2F%2Fwww.php.net%2Fmanual%2F' . $lang . '%2F' . $target . '" target="documentation">' . '<img src="themes/dot.gif" title="' . __('Documentation') . '" alt="' . __('Documentation') . '" class="icon ic_b_help"></a>'; @@ -282,14 +282,15 @@ class GeneratorTest extends AbstractTestCase ], [ [ - 'url.php?url=http://phpmyadmin.net/', + 'index.php?route=/url&url=http://phpmyadmin.net/', null, 'text', [], '_blank', ], 1000, - '<a href="url.php?url=http://phpmyadmin.net/" target="_blank" rel="noopener noreferrer">text</a>', + '<a href="index.php?route=/url&url=http://phpmyadmin.net/" target="_blank"' + . ' rel="noopener noreferrer">text</a>', ], [ [ 
@@ -355,12 +356,12 @@ class GeneratorTest extends AbstractTestCase public function testGetServerSSL(): void { $sslNotUsed = '<span class="">SSL is not being used</span>' - . ' <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"' + . ' <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"' . ' target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"' . ' class="icon ic_b_help"></a>'; $sslNotUsedCaution = '<span class="text-danger">SSL is not being used</span>' - . ' <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"' + . ' <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"' . ' target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"' . ' class="icon ic_b_help"></a>'; @@ -414,7 +415,7 @@ class GeneratorTest extends AbstractTestCase $this->assertEquals( '<span class="text-danger">SSL is used with disabled verification</span>' - . ' <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"' + . ' <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"' . ' target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"' . ' class="icon ic_b_help"></a>', Generator::getServerSSL() @@ -428,7 +429,7 @@ class GeneratorTest extends AbstractTestCase $this->assertEquals( '<span class="text-danger">SSL is used without certification authority</span>' - . ' <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"' + . ' <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"' . ' target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"' . ' class="icon ic_b_help"></a>', Generator::getServerSSL() 
@@ -443,7 +444,7 @@ class GeneratorTest extends AbstractTestCase $this->assertEquals( '<span class="">SSL is used</span>' - . ' <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"' + . ' <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2Fsetup.html%23ssl"' . ' target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation"' . ' class="icon ic_b_help"></a>', Generator::getServerSSL() diff --git a/test/classes/Html/MySQLDocumentationTest.php b/test/classes/Html/MySQLDocumentationTest.php index 9057667c5c..7e84e66501 100644 --- a/test/classes/Html/MySQLDocumentationTest.php +++ b/test/classes/Html/MySQLDocumentationTest.php @@ -18,7 +18,7 @@ class MySQLDocumentationTest extends AbstractTestCase $GLOBALS['cfg']['ServerDefault'] = 1; $this->assertEquals( - '<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen' + '<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen' . '%2Flatest%2Fpage.html%23anchor" target="documentation"><img src="themes/dot.gif"' . ' title="Documentation" alt="Documentation" class="icon ic_b_help"></a>', MySQLDocumentation::showDocumentation('page', 'anchor') diff --git a/test/classes/MessageTest.php b/test/classes/MessageTest.php index d9b9b9f7ed..d3073e6278 100644 --- a/test/classes/MessageTest.php +++ b/test/classes/MessageTest.php @@ -352,7 +352,7 @@ class MessageTest extends AbstractTestCase ], [ '[a@https://example.com/@Documentation]link[/a]', - '<a href="./url.php?url=https%3A%2F%2Fexample.com%2F" target="Documentation">link</a>', + '<a href="index.php?route=/url&url=https%3A%2F%2Fexample.com%2F" target="Documentation">link</a>', ], [ '[a@./non-existing@Documentation]link[/a]', 
@@ -360,19 +360,19 @@ class MessageTest extends AbstractTestCase ], [ '[doc@foo]link[/doc]', - '<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F' + '<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F' . 'latest%2Fsetup.html%23foo" ' . 'target="documentation">link</a>', ], [ '[doc@page@anchor]link[/doc]', - '<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F' + '<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F' . 'latest%2Fpage.html%23anchor" ' . 'target="documentation">link</a>', ], [ '[doc@faqmysql]link[/doc]', - '<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F' + '<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2F' . 'latest%2Ffaq.html%23faqmysql" ' . 'target="documentation">link</a>', ], @@ -463,7 +463,7 @@ class MessageTest extends AbstractTestCase { $this->object->setMessage('[kbd]test[/kbd] [doc@cfg_Example]test[/doc]'); $this->assertEquals( - '<kbd>test</kbd> <a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.' + '<kbd>test</kbd> <a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.' . 'net%2Fen%2Flatest%2Fconfig.html%23cfg_Example"' . ' target="documentation">test</a>', $this->object->getMessage() diff --git a/test/classes/Plugins/Auth/AuthenticationConfigTest.php b/test/classes/Plugins/Auth/AuthenticationConfigTest.php index 833351b9ea..6187b54850 100644 --- a/test/classes/Plugins/Auth/AuthenticationConfigTest.php +++ b/test/classes/Plugins/Auth/AuthenticationConfigTest.php @@ -97,7 +97,7 @@ class AuthenticationConfigTest extends AbstractTestCase ); $this->assertStringContainsString( - '<strong>MySQL said: </strong><a href="./url.php?url=https%3A%2F%2F' . + '<strong>MySQL said: </strong><a href="index.php?route=/url&url=https%3A%2F%2F' . 'dev.mysql.com%2Fdoc%2Frefman%2F5.5%2Fen%2Fserver-error-reference.html"' . ' target="mysql_doc">' . '<img src="themes/dot.gif" title="Documentation" alt="Documentation" ' . 
diff --git a/test/classes/SanitizeTest.php b/test/classes/SanitizeTest.php index 8242733b7b..3c4fe6b5a5 100644 --- a/test/classes/SanitizeTest.php +++ b/test/classes/SanitizeTest.php @@ -42,7 +42,7 @@ class SanitizeTest extends AbstractTestCase unset($GLOBALS['server']); unset($GLOBALS['lang']); $this->assertEquals( - '<a href="./url.php?url=https%3A%2F%2Fwww.phpmyadmin.net%2F" target="target">link</a>', + '<a href="index.php?route=/url&url=https%3A%2F%2Fwww.phpmyadmin.net%2F" target="target">link</a>', Sanitize::sanitizeMessage('[a@https://www.phpmyadmin.net/@target]link[/a]') ); @@ -60,7 +60,7 @@ class SanitizeTest extends AbstractTestCase public function testDoc(string $link, string $expected): void { $this->assertEquals( - '<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2F' + '<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2Fen%2Flatest%2F' . $expected . '" target="documentation">doclink</a>', Sanitize::sanitizeMessage('[doc@' . $link . ']doclink[/doc]') ); @@ -121,7 +121,7 @@ class SanitizeTest extends AbstractTestCase public function testLinkAndXssInHref(): void { $this->assertEquals( - '<a href="./url.php?url=https%3A%2F%2Fdocs.phpmyadmin.net%2F">doc</a>' + '<a href="index.php?route=/url&url=https%3A%2F%2Fdocs.phpmyadmin.net%2F">doc</a>' . '[a@javascript:alert(\'XSS\');@target]link</a>', Sanitize::sanitizeMessage( '[a@https://docs.phpmyadmin.net/]doc[/a][a@javascript:alert(\'XSS\');@target]link[/a]' @@ -402,13 +402,13 @@ class SanitizeTest extends AbstractTestCase ], [ false, - './url.php?url=https://example.com', + 'index.php?route=/url&url=https://example.com', false, false, ], [ true, - './url.php?url=https%3a%2f%2fexample.com', + 'index.php?route=/url&url=https%3a%2f%2fexample.com', false, false, ], diff --git a/url.php b/url.php deleted file mode 100644 index 44fb191800..0000000000 --- a/url.php +++ /dev/null 
@@ -1,42 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-use PhpMyAdmin\Common;
-use PhpMyAdmin\UrlRedirector;
-
-if (! defined('ROOT_PATH')) {
- // phpcs:disable PSR1.Files.SideEffects
- define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
- // phpcs:enable
-}
-
-if (PHP_VERSION_ID < 70205) {
- die('<p>PHP 7.2.5+ is required.</p><p>Currently installed version is: ' . PHP_VERSION . '</p>');
-}
-
-// phpcs:disable PSR1.Files.SideEffects
-define('PHPMYADMIN', true);
-// phpcs:enable
-
-require_once ROOT_PATH . 'libraries/constants.php';
-
-/**
- * Activate autoloader
- */
-if (! @is_readable(AUTOLOAD_FILE)) {
- die(
- '<p>File <samp>' . AUTOLOAD_FILE . '</samp> missing or not readable.</p>'
- . '<p>Most likely you did not run Composer to '
- . '<a href="https://docs.phpmyadmin.net/en/latest/setup.html#installing-from-git">'
- . 'install library files</a>.</p>'
- );
-}
-
-require AUTOLOAD_FILE;
-
-$GLOBALS['isMinimumCommon'] = true;
-
-Common::run();
-
-UrlRedirector::redirect(); |