Allow only https outgoing links

We no longer produce http links, so it's better to filter out these at
all levels.

Signed-off-by: Michal Čihař <michal@cihar.com>

1 files changed, 1 insertions, 1 deletions

diff --git a/url.php b/url.php
index c12ceb9211..41896f23b5 100644
--- a/url.php
+++ b/url.php
@@ -17,7 +17,7 @@ require_once './libraries/common.inc.php';
 require_once './libraries/js_escape.lib.php';
 
 if (! PMA_isValid($_REQUEST['url'])
-    || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_REQUEST['url'])
+    || ! preg_match('/^https:\/\/[^\n\r]*$/', $_REQUEST['url'])
     || ! PMA_isAllowedDomain($_REQUEST['url'])
 ) {
     PMA_sendHeaderLocation('./');