url.php

   1 <?php
   2 /* vim: set expandtab sw=4 ts=4 sts=4: */
   3 /**
   4  * URL redirector to avoid leaking Referer with some sensitive information.
   5  *
   6  * @package PhpMyAdmin
   7  */
   8 declare(strict_types=1);
   9
  10 use PhpMyAdmin\Core;
  11 use PhpMyAdmin\Response;
  12 use PhpMyAdmin\Sanitize;
  13 use PhpMyAdmin\DatabaseInterface;
  14
  15 if (! defined('ROOT_PATH')) {
  16     define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
  17 }
  18
  19 /**
  20  * Gets core libraries and defines some variables
  21  */
  22 define('PMA_MINIMUM_COMMON', true);
  23 require_once ROOT_PATH . 'libraries/common.inc.php';
  24
  25 // Load database service because services.yaml is not available here
  26 $containerBuilder->set(DatabaseInterface::class, DatabaseInterface::load());
  27
  28 // Only output the http headers
  29 $response = Response::getInstance();
  30 $response->getHeader()->sendHttpHeaders();
  31 $response->disable();
  32
  33 if (! Core::isValid($_GET['url'])
  34     || ! preg_match('/^https:\/\/[^\n\r]*$/', $_GET['url'])
  35     || ! Core::isAllowedDomain($_GET['url'])
  36 ) {
  37     Core::sendHeaderLocation('./');
  38 } else {
  39     // JavaScript redirection is necessary. Because if header() is used
  40     //  then web browser sometimes does not change the HTTP_REFERER
  41     //  field and so with old URL as Referer, token also goes to
  42     //  external site.
  43     echo "<script type='text/javascript'>
  44             window.onload=function(){
  45                 window.location='" , Sanitize::escapeJsString($_GET['url']) , "';
  46             }
  47         </script>";
  48     // Display redirecting msg on screen.
  49     // Do not display the value of $_GET['url'] to avoid showing injected content
  50     echo __('Taking you to the target site.');
  51 }
  52 die();