author | Christian Foellmann <foellmann@foe-services.de> | 2014-12-23 14:48:13 +0300 |
---|---|---|
committer | Christian Foellmann <foellmann@foe-services.de> | 2014-12-23 14:48:13 +0300 |
commit | 2bfb20e57418ebf396149782be9f98e868fe8608 (patch) | |
tree | a5ec4011410970603d3f462a535a5a359057fa77 /url.php | |
parent | 20f1bf77c8281efc675a14e0f6bf52f657dabd9a (diff) |
UPDATE 4.3.34.3.3
Diffstat (limited to 'url.php')
-rw-r--r-- | url.php | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -11,6 +11,10 @@
 */
 define('PMA_MINIMUM_COMMON', true);
 require_once './libraries/common.inc.php';
+/**
+ * JavaScript escaping.
+ */
+require_once './libraries/js_escape.lib.php';
 if (! PMA_isValid($_GET['url'])
 || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url'])
@@ -24,7 +28,7 @@ if (! PMA_isValid($_GET['url'])
 // external site.
 echo "<script type='text/javascript'>
 window.onload=function(){
- window.location='" . htmlspecialchars($_GET['url']) . "';
+ window.location='" . PMA_escapeJsString($_GET['url']) . "';
 }
 </script>";
 // Display redirecting msg on screen. |
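Review bot: The validation pattern on the `preg_match` context line ends with `$`, which in PCRE also matches just before a final newline, so a URL carrying one trailing line feed passes even though `[^\n\r]` is meant to exclude line breaks. Anchoring the end with `\z` (or adding the `D` modifier), e.g. `'/^https?:\/\/[^\n\r]*\z/'`, closes that gap. The `if` condition continues past the end of this hunk, so later clauses may already narrow the input further.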
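Review bot: The switch to `PMA_escapeJsString()` is not explained at the call site, and the reason is worth recording: the value lands inside a single-quoted JavaScript string in a `<script>` block, where HTML entities are not decoded, so the encoder has to be a JavaScript one. I would add a comment above the `echo` such as `// JS string context inside <script>: escape for JavaScript, not HTML`. The helper's body is not visible here, so confirm that it escapes backslashes and both quote characters and neutralises a literal `</script>` sequence. The code after `// Display redirecting msg on screen.` lies outside the hunk; if it prints the URL into markup, that output is an HTML context and still needs `htmlspecialchars()`.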