UPDATE 4.3.34.3.3

author: Christian Foellmann <foellmann@foe-services.de> 2014-12-23 14:48:13 +0300
committer: Christian Foellmann <foellmann@foe-services.de> 2014-12-23 14:48:13 +0300
commit: 2bfb20e57418ebf396149782be9f98e868fe8608 (patch)
tree: a5ec4011410970603d3f462a535a5a359057fa77 /url.php
parent: 20f1bf77c8281efc675a14e0f6bf52f657dabd9a (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/url.php b/url.php
index 71efc9fb6b..82b224311b 100644
--- a/url.php
+++ b/url.php
@@ -11,6 +11,10 @@
  */
 define('PMA_MINIMUM_COMMON', true);
 require_once './libraries/common.inc.php';
+/**
+ * JavaScript escaping.
+ */
+require_once './libraries/js_escape.lib.php';
 
 if (! PMA_isValid($_GET['url'])
     || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url'])
@@ -24,7 +28,7 @@ if (! PMA_isValid($_GET['url'])
     //  external site.
     echo "<script type='text/javascript'>
             window.onload=function(){
-                window.location='" . htmlspecialchars($_GET['url']) . "';
+                window.location='" . PMA_escapeJsString($_GET['url']) . "';
             }
         </script>";
     // Display redirecting msg on screen.
author	Christian Foellmann <foellmann@foe-services.de>	2014-12-23 14:48:13 +0300
committer	Christian Foellmann <foellmann@foe-services.de>	2014-12-23 14:48:13 +0300
commit	2bfb20e57418ebf396149782be9f98e868fe8608 (patch)
tree	a5ec4011410970603d3f462a535a5a359057fa77 /url.php
parent	20f1bf77c8281efc675a14e0f6bf52f657dabd9a (diff)