clean up of prior commit
[openemr.git] / phpmyadmin / url.php
blob9c4c8846b6f6934839042d7f213594df5df750be
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * URL redirector to avoid leaking Referer with some sensitive information.
6 * @package PhpMyAdmin
7 */
9 /**
10 * Gets core libraries and defines some variables
12 define('PMA_MINIMUM_COMMON', true);
13 require_once './libraries/common.inc.php';
14 /**
15 * JavaScript escaping.
17 require_once './libraries/js_escape.lib.php';
19 if (! PMA_isValid($_REQUEST['url'])
20 || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_REQUEST['url'])
21 || ! PMA_isAllowedDomain($_REQUEST['url'])
22 ) {
23 header('Location: ' . $cfg['PmaAbsoluteUri']);
24 } else {
25 // JavaScript redirection is necessary. Because if header() is used
26 // then web browser sometimes does not change the HTTP_REFERER
27 // field and so with old URL as Referer, token also goes to
28 // external site.
29 echo "<script type='text/javascript'>
30 window.onload=function(){
31 window.location='" . PMA_escapeJsString($_REQUEST['url']) . "';
33 </script>";
34 // Display redirecting msg on screen.
35 // Do not display the value of $_REQUEST['url'] to avoid showing injected content
36 echo __('Taking you to the target site.');
38 die();