Port content spoofing fix

Signed-off-by: Marc Delisle <marc@infomarc.info>

1 files changed, 2 insertions, 1 deletions

diff --git a/url.php b/url.php
index eec78a52b1..9c4c8846b6 100644
--- a/url.php
+++ b/url.php
@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url'])
             }
         </script>";
     // Display redirecting msg on screen.
-    printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url']));
+    // Do not display the value of $_REQUEST['url'] to avoid showing injected content
+    echo __('Taking you to the target site.');
 }
 die();