author | Michal Čihař <michal@cihar.com> | 2014-02-11 12:13:28 +0400 |
---|---|---|
committer | Michal Čihař <michal@cihar.com> | 2014-02-11 12:14:42 +0400 |
commit | 5e9cf1807372f56a251df1d1ec36d33e5ffd7e29 (patch) | |
tree | 28eb6cd077f022e43d105e481142881a343c6fa4 /url.php | |
parent | 935c2e14069c928e90b2b80a95b0585dcec18a03 (diff) |
Improvements in URL redirector
- do not concatenate message to allow better translation
- avoid possible XSS
Diffstat (limited to 'url.php')
-rw-r--r-- | url.php | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -25,11 +25,11 @@ if (! PMA_isValid($_GET['url']) // external site. echo "<script type='text/javascript'> window.onload=function(){ - window.location='" . $_GET['url'] . "'; + window.location='" . htmlspecialchars($_GET['url']) . "'; } </script>"; // Display redirecting msg on screen. - echo __('Taking you to ') . ($_GET['url']); + printf(__('Taking you to %s.'), htmlspecialchars($_GET['url'])); } else { header('Location: ' . $cfg['PmaAbsoluteUri']); } |
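Review bot: On the first changed line, htmlspecialchars() is an HTML encoder, but the value lands inside a single-quoted JavaScript string in a script block (window.location='...'), which is a different context. Called with no flags, as it is here, htmlspecialchars() leaves the single quote unescaped on PHP versions whose default is ENT_COMPAT, so the string delimiter can still be closed by the input, and a backslash is not handled at all. Script content is also not entity-decoded by the browser, so a legitimate URL containing & will be assigned with a literal &amp; in it and redirect to the wrong place. Suggest encoding for JavaScript instead, for example json_encode($_GET['url'], JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) with the surrounding quotes removed from the template, or passing ENT_QUOTES at the very least. The second changed line, printf(__('Taking you to %s.'), htmlspecialchars($_GET['url'])), writes into HTML text, where htmlspecialchars() is the right call, and the switch to a %s placeholder is fine. The if condition is cut off in this hunk, so it is not visible whether PMA_isValid() restricts the URL scheme; worth confirming that only http and https are accepted before the value reaches window.location, since output encoding does not cover that.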