author | Michal Čihař <michal@cihar.com> | 2016-07-22 13:10:11 +0300 |
---|---|---|
committer | Michal Čihař <michal@cihar.com> | 2016-07-22 13:10:11 +0300 |
commit | 1d70a1ba64f4bace7a15aa3f153abc81fde4881c | |
tree | cfb619543d43478776c40338101d26ec73fe0e07 /url.php | |
parent | 23695db151b7c45522ad627319ea83b9de5e8577 |
Allow only https outgoing links
We no longer produce http links, so it's better to filter out these at
all levels.
Signed-off-by: Michal Čihař <michal@cihar.com>
Diffstat (limited to 'url.php')
-rw-r--r-- | url.php | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -17,7 +17,7 @@ require_once './libraries/common.inc.php'; require_once './libraries/js_escape.lib.php'; if (! PMA_isValid($_REQUEST['url']) - || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_REQUEST['url']) + || ! preg_match('/^https:\/\/[^\n\r]*$/', $_REQUEST['url']) || ! PMA_isAllowedDomain($_REQUEST['url']) ) { PMA_sendHeaderLocation('./'); |
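Review bot: The `$` at the end of the changed `preg_match` pattern also matches immediately before a final newline, so a `url` value ending in a single `\n` passes this check even though the `[^\n\r]` class is there to exclude line breaks. The removed line had the same tail, so this is carried over rather than introduced here, but since the line is being touched it is worth anchoring the end with `\z` or adding the `D` modifier, e.g. `'/^https:\/\/[^\n\r]*$/D'`. A smaller point on the same line: the scheme match is case-sensitive, so `HTTPS://...` is rejected and redirected to `./`; add the `i` modifier if that is not intended.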