From 1d70a1ba64f4bace7a15aa3f153abc81fde4881c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Fri, 22 Jul 2016 12:10:11 +0200
Subject: Allow only https outgoing links
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We no longer produce http links, so it's better to filter out these at all levels.
Signed-off-by: Michal Čihař
---
 url.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'url.php')
diff --git a/url.php b/url.php
index c12ceb9211..41896f23b5 100644
--- a/url.php
+++ b/url.php
@@ -17,7 +17,7 @@ require_once './libraries/common.inc.php';
 require_once './libraries/js_escape.lib.php';
 if (! PMA_isValid($_REQUEST['url'])
- || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_REQUEST['url'])
+ || ! preg_match('/^https:\/\/[^\n\r]*$/', $_REQUEST['url'])
 || ! PMA_isAllowedDomain($_REQUEST['url'])
 ) {
 PMA_sendHeaderLocation('./');
-- cgit v1.2.3
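Review bot: The tightened pattern on the added `preg_match` line still ends in `$`, which in PCRE also matches just before a final newline, so a value consisting of an `https://` URL followed by a single trailing `\n` passes even though `[^\n\r]*` is meant to exclude line breaks. Anchor the end with `\z` (or add the `D` modifier) instead: `|| ! preg_match('/^https:\/\/[^\n\r]*\z/', $_REQUEST['url'])`. The `if` body continues past the last context line and `PMA_isAllowedDomain` is not shown, so how a trailing newline is handled afterwards cannot be judged from this hunk; this is hardening of the filter, not a confirmed bypass.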