url.php

   1 <?php
   2 /**
   3  * URL redirector to avoid leaking Referer with some sensitive information.
   4  */
   5
   6 declare(strict_types=1);
   7
   8 use PhpMyAdmin\Core;
   9 use PhpMyAdmin\DatabaseInterface;
  10 use PhpMyAdmin\Response;
  11 use PhpMyAdmin\Sanitize;
  12
  13 if (! defined('ROOT_PATH')) {
  14     // phpcs:disable PSR1.Files.SideEffects
  15     define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
  16     // phpcs:enable
  17 }
  18
  19 global $containerBuilder, $dbi;
  20
  21 // phpcs:disable PSR1.Files.SideEffects
  22 define('PMA_MINIMUM_COMMON', true);
  23 // phpcs:enable
  24
  25 require_once ROOT_PATH . 'libraries/common.inc.php';
  26
  27 // Load database service because services.php is not available here
  28 $dbi = DatabaseInterface::load();
  29 $containerBuilder->set(DatabaseInterface::class, $dbi);
  30
  31 // Only output the http headers
  32 $response = Response::getInstance();
  33 $response->getHeader()->sendHttpHeaders();
  34 $response->disable();
  35
  36 if (
  37     ! Core::isValid($_GET['url'])
  38     || ! preg_match('/^https:\/\/[^\n\r]*$/', $_GET['url'])
  39     || ! Core::isAllowedDomain($_GET['url'])
  40 ) {
  41     Core::sendHeaderLocation('./');
  42 } else {
  43     // JavaScript redirection is necessary. Because if header() is used
  44     //  then web browser sometimes does not change the HTTP_REFERER
  45     //  field and so with old URL as Referer, token also goes to
  46     //  external site.
  47     $template = $containerBuilder->get('template');
  48     echo $template->render('javascript/redirect', [
  49         'url' => Sanitize::escapeJsString($_GET['url']),
  50     ]);
  51     // Display redirecting msg on screen.
  52     // Do not display the value of $_GET['url'] to avoid showing injected content
  53     echo __('Taking you to the target site.');
  54 }
  55
  56 die;