author | Michal Čihař <michal@cihar.com> | 2016-07-18 17:39:25 +0300 |
---|---|---|
committer | Michal Čihař <michal@cihar.com> | 2016-07-18 17:41:04 +0300 |
commit | e8c5cab3c117e68a0d837319e0e83bdfc50be1fb (patch) | |
tree | f03daf8ca0be13e04e36e623664436aabffbfb31 /libraries | |
parent | 714818f3ad21aa44ed2017ede8009cbc30d4816d (diff) |
Improve URL filtering in url.php
Signed-off-by: Michal Čihař <michal@cihar.com>
Diffstat (limited to 'libraries')
-rw-r--r-- | libraries/core.lib.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libraries/core.lib.php b/libraries/core.lib.php
index b8eae4d070..19b4383c89 100644
--- a/libraries/core.lib.php
+++ b/libraries/core.lib.php
@@ -818,6 +818,10 @@ if(! function_exists('hash_equals')) {
 function PMA_isAllowedDomain($url)
 {
 $arr = parse_url($url);
+ // Avoid URLs without hostname or with credentials
+ if (empty($arr['host']) || ! empty($arr['user']) || ! empty($arr['pass'])) {
+ return false;
+ }
 $domain = $arr["host"];
 $domainWhiteList = array(
 /* Include current domain */ |
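Review bot: The credential test in the added guard uses `! empty(...)`, and PHP's `empty()` treats the string `'0'` as empty, so a URL whose user or password component is exactly `0` is not rejected and still reaches the whitelist comparison. Testing for presence instead of truthiness closes that gap: `if (! is_array($arr) || empty($arr['host']) || isset($arr['user']) || isset($arr['pass'])) {`. The `is_array()` test also makes the `parse_url()` failure case (it returns `false` for seriously malformed URLs) explicit rather than relying on `empty()` tolerating a non-array. The rest of `PMA_isAllowedDomain`, including the whitelist comparison, lies outside the hunk, so whether the URL scheme is restricted elsewhere cannot be judged from here.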