From 0a18d86059d2dac273df05ef6abc609db51b2919 Mon Sep 17 00:00:00 2001 From: Dhananjay Date: Fri, 7 Feb 2014 09:42:18 +0530 Subject: Fix for bug#4237. Signed-off-by: Dhananjay --- url.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'url.php') diff --git a/url.php b/url.php index 935c2bca95..b163bdb316 100644 --- a/url.php +++ b/url.php @@ -17,7 +17,22 @@ if (! PMA_isValid($_GET['url']) ) { header('Location: ' . $cfg['PmaAbsoluteUri']); } else { - header('Location: ' . $_GET['url']); + // header('Location: ' . $_GET['url']); + + // domain whitelist check + if (PMA_isAllowedDomain($_GET['url'])) { + // JavaScript redirection is necessary. Because if header() is used then web browser sometimes does not change the HTTP_REFERER field and so with old URL as Referer, token also goes to external site. + echo ""; + echo 'Taking you to '.($_GET['url']); // Display redirecting msg on screen. + } + else + { + header('Location: ' . $cfg['PmaAbsoluteUri']); + } } die(); ?> -- cgit v1.2.3
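Review bot: The added `echo 'Taking you to '.($_GET['url']);` writes the request parameter into the HTML response without output encoding, so the page relies entirely on `PMA_isValid()` and `PMA_isAllowedDomain()` to keep markup out. Neither function's body is visible here, and the `if` condition appears to begin above the hunk, so it cannot be confirmed that quotes and angle brackets are rejected. Encode at the point of output instead of depending on the allow-list: `echo 'Taking you to ' . htmlspecialchars($_GET['url']);`. The preceding `echo "";` looks truncated on this page; going by the comment above it, it emits the JavaScript redirect, and if the URL is concatenated into that script it needs JavaScript-string encoding (for example `json_encode()`). The commented-out `// header('Location: ' . $_GET['url']);` can be dropped, since the history already records the old line.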