
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichal Čihař <michal@cihar.com>2016-07-18 17:39:25 +0300
committerMichal Čihař <michal@cihar.com>2016-07-18 17:41:04 +0300
commite8c5cab3c117e68a0d837319e0e83bdfc50be1fb (patch)
treef03daf8ca0be13e04e36e623664436aabffbfb31 /libraries
parent714818f3ad21aa44ed2017ede8009cbc30d4816d (diff)
Improve URL filtering in url.php
Signed-off-by: Michal Čihař <michal@cihar.com>
Diffstat (limited to 'libraries')
-rw-r--r--libraries/core.lib.php4
1 files changed, 4 insertions, 0 deletions
diff --git a/libraries/core.lib.php b/libraries/core.lib.php
index b8eae4d070..19b4383c89 100644
--- a/libraries/core.lib.php
+++ b/libraries/core.lib.php
@@ -818,6 +818,10 @@ if(! function_exists('hash_equals')) {
function PMA_isAllowedDomain($url)
{
$arr = parse_url($url);
+ // Avoid URLs without hostname or with credentials
+ if (empty($arr['host']) || ! empty($arr['user']) || ! empty($arr['pass'])) {
+ return false;
+ }
$domain = $arr["host"];
$domainWhiteList = array(
/* Include current domain */
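Review bot: The credential test on the added `if` line uses `! empty()`, which checks truthiness rather than presence, so a userinfo part whose value PHP treats as empty (the string "0") is not rejected. Testing presence closes that gap: `if (empty($arr['host']) || isset($arr['user']) || isset($arr['pass'])) {`. It would also help to extend the comment to say that `parse_url()` returns `false` on seriously malformed input and that `empty()` covers that case, since the following `$arr["host"]` read depends on it. The scheme is not restricted in the visible lines; if the caller does not already limit it to http/https, that check belongs here too. The body of PMA_isAllowedDomain continues past the end of the hunk, so the whitelist comparison itself is not visible.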