diff options
Diffstat (limited to 'url.php')
-rw-r--r-- | url.php | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -11,6 +11,10 @@ */ define('PMA_MINIMUM_COMMON', true); require_once './libraries/common.inc.php'; +/** + * JavaScript escaping. + */ +require_once './libraries/js_escape.lib.php'; if (! PMA_isValid($_GET['url']) || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url']) @@ -24,7 +28,7 @@ if (! PMA_isValid($_GET['url']) // external site. echo "<script type='text/javascript'> window.onload=function(){ - window.location='" . htmlspecialchars($_GET['url']) . "'; + window.location='" . PMA_escapeJsString($_GET['url']) . "'; } </script>"; // Display redirecting msg on screen. |