diff options
author | Michal Čihař <mcihar@novell.com> | 2011-01-28 15:13:22 +0300 |
---|---|---|
committer | Michal Čihař <mcihar@novell.com> | 2011-01-28 15:22:41 +0300 |
commit | dc0c6938b284489acc4b13f6a023c44828b9457c (patch) | |
tree | c2fbbe62b568aaafb958afc1e6ded2b2e69f12fe /url.php | |
parent | 87b0c3074722f4e64c03343145c65a8256227623 (diff) |
[security] Redirect external links to avoid Referer leakage.
Diffstat (limited to 'url.php')
-rw-r--r-- | url.php | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/url.php b/url.php new file mode 100644 index 0000000000..a9d0f58829 --- /dev/null +++ b/url.php @@ -0,0 +1,18 @@ +<?php +/** + * URL redirector to avoid leaking Referer with some sensitive information. + */ + +/** + * Gets core libraries and defines some variables + */ +require_once './libraries/common.inc.php'; + +PMA_checkParameters(array('url')); + +if (! preg_match('/^https?:\/\/[^\n\r]*$/', $GLOBALS['url'])) { + header('Location: ' . $cfg['PmaAbsoluteUri']); +} else { + header('Location: ' . $GLOBALS['url']); +} +?> |