
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMaurício Meneghini Fauth <mauricio@fauth.dev>2021-10-16 22:51:11 +0300
committerMaurício Meneghini Fauth <mauricio@fauth.dev>2022-01-10 18:19:43 +0300
commit3095181bb3449401bcae92cbb1d36762a70f5a27 (patch)
treed9b5533b7f60ee320beffb464368fd07e196912f /libraries
parentf1aaec1a5a3518bb4312c0dea540caa7c49d8ffe (diff)
Encrypt query params of Navigation links
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
Diffstat (limited to 'libraries')
-rw-r--r--libraries/classes/Navigation/NavigationTree.php23
-rw-r--r--libraries/classes/Url.php3
2 files changed, 23 insertions, 3 deletions
diff --git a/libraries/classes/Navigation/NavigationTree.php b/libraries/classes/Navigation/NavigationTree.php
index 78659a4b7f..c40b1408b9 100644
--- a/libraries/classes/Navigation/NavigationTree.php
+++ b/libraries/classes/Navigation/NavigationTree.php
@@ -1156,7 +1156,7 @@ class NavigationTree
}
foreach ($icons as $key => $icon) {
- $link = vsprintf($iconLinks[$key], $args);
+ $link = $this->encryptQueryParams(vsprintf($iconLinks[$key], $args));
if ($linkClass != '') {
$retval .= "<a class='$linkClass' href='$link'>";
$retval .= "{$icon}</a>";
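Review bot: The `$link` interpolated into the single-quoted `href='$link'` here, and into the `hover_show_full` anchor in the next hunk, is now whatever `encryptQueryParams()` returns rather than the template string that `vsprintf` filled in. That helper runs `htmlspecialchars_decode` on the query and rebuilds it with `Url::buildHttpQuery`, whose output encoding is not visible in this diff, so the attribute safety of the result depends on that function encoding quotes and angle brackets. I would state the contract next to the call, e.g. `// encryptQueryParams() must return a value that is safe inside a single-quoted HTML attribute`, and cover it with a test that uses an object name containing `'` and `&`. The enclosing methods start and end outside both hunks.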
@@ -1174,7 +1174,7 @@ class NavigationTree
foreach ($node->parents(true) as $parent) {;
$args[] = urlencode($parent->real_name);
}
- $link = vsprintf($node->links['text'], $args);
+ $link = $this->encryptQueryParams(vsprintf($node->links['text'], $args));
$title = isset($node->links['title']) ? $node->links['title'] : '';
if ($node->type == Node::CONTAINER) {
$retval .= "&nbsp;<a class='hover_show_full' href='$link'>";
@@ -1557,4 +1557,23 @@ class NavigationTree
return $retval;
}
+
+ /**
+ * @param string $link
+ *
+ * @return string
+ */
+ private function encryptQueryParams($link)
+ {
+ global $PMA_Config;
+
+ if (! $PMA_Config->get('URLQueryEncryption')) {
+ return $link;
+ }
+
+ $url = parse_url($link);
+ parse_str(htmlspecialchars_decode($url['query']), $query);
+
+ return $url['path'] . '?' . Url::buildHttpQuery($query);
+ }
}
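Review bot: `encryptQueryParams()` reads `$url['query']` and `$url['path']` without checking that `parse_url()` succeeded or that the link has a query string, so a link without `?` raises an undefined-index notice and passes null to `htmlspecialchars_decode`. Any `#fragment` in the link is also dropped by the rebuilt return value. A guard right after the parse avoids the first problem: `if (! is_array($url) || ! isset($url['path'], $url['query'])) { return $link; }`. Because that fallback returns the link unencrypted while `URLQueryEncryption` is on, it deserves a comment saying so. The docblock should also gain a summary line stating that the query is re-encoded through `Url::buildHttpQuery` only when that setting is enabled.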
diff --git a/libraries/classes/Url.php b/libraries/classes/Url.php
index 9cabee652c..215a1b98fc 100644
--- a/libraries/classes/Url.php
+++ b/libraries/classes/Url.php
@@ -232,7 +232,7 @@ class Url
* @param array<string, mixed> $params
* @return string
*/
- private static function buildHttpQuery($params)
+ public static function buildHttpQuery($params)
{
global $PMA_Config;
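Review bot: `buildHttpQuery()` becomes part of the public surface of `Url` here, but its docblock still carries only the `@param` and `@return` tags. Now that another class calls it, add a summary line that says what it does with `$params` and that its result depends on the global `$PMA_Config`. Something like `Builds the query string, encrypting the parameters named in $keys when URLQueryEncryption is enabled` would do, with the wording confirmed against the body, which continues outside this hunk.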
@@ -246,6 +246,7 @@ class Url
$keys = [
'db',
'table',
+ 'field',
'sql_query',
'sql_signature',
'where_clause',