author | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2021-10-16 22:51:11 +0300 |
---|---|---|
committer | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2022-01-10 18:19:43 +0300 |
commit | 3095181bb3449401bcae92cbb1d36762a70f5a27 (patch) | |
tree | d9b5533b7f60ee320beffb464368fd07e196912f /libraries | |
parent | f1aaec1a5a3518bb4312c0dea540caa7c49d8ffe (diff) |
Encrypt query params of Navigation links
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
Diffstat (limited to 'libraries')
-rw-r--r-- | libraries/classes/Navigation/NavigationTree.php | 23 | ||||
-rw-r--r-- | libraries/classes/Url.php | 3 |
2 files changed, 23 insertions, 3 deletions
diff --git a/libraries/classes/Navigation/NavigationTree.php b/libraries/classes/Navigation/NavigationTree.php
index 78659a4b7f..c40b1408b9 100644
--- a/libraries/classes/Navigation/NavigationTree.php
+++ b/libraries/classes/Navigation/NavigationTree.php
@@ -1156,7 +1156,7 @@ class NavigationTree
 }
 foreach ($icons as $key => $icon) {
- $link = vsprintf($iconLinks[$key], $args);
+ $link = $this->encryptQueryParams(vsprintf($iconLinks[$key], $args));
 if ($linkClass != '') {
 $retval .= "<a class='$linkClass' href='$link'>";
 $retval .= "{$icon}</a>";
@@ -1174,7 +1174,7 @@ class NavigationTree
 foreach ($node->parents(true) as $parent) {;
 $args[] = urlencode($parent->real_name);
 }
- $link = vsprintf($node->links['text'], $args);
+ $link = $this->encryptQueryParams(vsprintf($node->links['text'], $args));
 $title = isset($node->links['title']) ? $node->links['title'] : '';
 if ($node->type == Node::CONTAINER) {
 $retval .= " <a class='hover_show_full' href='$link'>";
@@ -1557,4 +1557,23 @@ class NavigationTree
 return $retval;
 }
+
+ /**
+ * @param string $link
+ *
+ * @return string
+ */
+ private function encryptQueryParams($link)
+ {
+ global $PMA_Config;
+
+ if (! $PMA_Config->get('URLQueryEncryption')) {
+ return $link;
+ }
+
+ $url = parse_url($link);
+ parse_str(htmlspecialchars_decode($url['query']), $query);
+
+ return $url['path'] . '?' . Url::buildHttpQuery($query);
+ }
 }
diff --git a/libraries/classes/Url.php b/libraries/classes/Url.php
index 9cabee652c..215a1b98fc 100644
--- a/libraries/classes/Url.php
+++ b/libraries/classes/Url.php
@@ -232,7 +232,7 @@ class Url
 * @param array<string, mixed> $params
 * @return string
 */
- private static function buildHttpQuery($params)
+ public static function buildHttpQuery($params)
 {
 global $PMA_Config;
@@ -246,6 +246,7 @@ class Url
 $keys = [
 'db',
 'table',
+ 'field',
 'sql_query',
 'sql_signature',
 'where_clause', |
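Review bot: The value returned by `encryptQueryParams()` is interpolated straight into `href='$link'` on the following lines, and the helper added at the end of this file runs `htmlspecialchars_decode()` on the query before rebuilding it, so whether `$link` is still HTML-escaped now depends on what `Url::buildHttpQuery()` emits, which this diff does not show. If that method returns a raw `&`-separated string, escape at the point of output, e.g. `$link = htmlspecialchars($this->encryptQueryParams(vsprintf($iconLinks[$key], $args)), ENT_QUOTES);`, and skip this if it already returns `&amp;` so the link is not double-encoded. The same applies to the `$node->links['text']` call in the second hunk of this file. The enclosing method starts and ends outside both hunks.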
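Review bot: `encryptQueryParams()` reads `$url['query']` and `$url['path']` unchecked, but `parse_url()` returns `false` for a malformed URL and omits the `query` key for a link without `?`, so with `URLQueryEncryption` enabled such a link raises notices and is rebuilt from an empty parameter set. Add a guard directly after the `parse_url()` call: `if (! is_array($url) || ! isset($url['path'], $url['query'])) { return $link; }`. The rebuild also drops any scheme, host or `#fragment` present in the input; if navigation links are always relative and fragment-free, state that in the docblock, which currently has no description at all.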
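Review bot: Widening `buildHttpQuery()` from `private` to `public` makes it part of the class API, yet its docblock still carries only `@param` and `@return` with no description. Callers outside `Url` now use the result inside `href` attributes, so the docblock should spell out the contract they rely on, for example `Builds the query string, encrypting the protected parameters when URLQueryEncryption is enabled; the returned string is not HTML-escaped.` The method body lies outside this hunk, so the escaping clause in particular needs to be checked against the real behaviour before it is written down.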
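Review bot: `'field'` is added to a hard-coded `$keys` list that has no comment saying what the list controls; judging by the commit title it presumably names the parameters that get encrypted, which would mean any parameter not listed stays readable in the URL. A one-line comment above the array would make that allowlist behaviour explicit for whoever adds the next link parameter, e.g. `// Only these parameters are encrypted; anything else is left in the URL as-is.` The array and the code that consumes it continue outside the hunk, so confirm the wording against the full function.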