3 * URL redirector to avoid leaking Referer with some sensitive information.
5 declare(strict_types
=1);
8 use PhpMyAdmin\DatabaseInterface
;
9 use PhpMyAdmin\Response
;
10 use PhpMyAdmin\Sanitize
;
12 if (! defined('ROOT_PATH')) {
13 // phpcs:disable PSR1.Files.SideEffects
14 define('ROOT_PATH', __DIR__
. DIRECTORY_SEPARATOR
);
18 global $containerBuilder;
20 // phpcs:disable PSR1.Files.SideEffects
21 define('PMA_MINIMUM_COMMON', true);
24 require_once ROOT_PATH
. 'libraries/common.inc.php';
26 // Load database service because services.yaml is not available here
27 $containerBuilder->set(DatabaseInterface
::class, DatabaseInterface
::load());
29 // Only output the http headers
30 $response = Response
::getInstance();
31 $response->getHeader()->sendHttpHeaders();
34 if (! Core
::isValid($_GET['url'])
35 ||
! preg_match('/^https:\/\/[^\n\r]*$/', $_GET['url'])
36 ||
! Core
::isAllowedDomain($_GET['url'])
38 Core
::sendHeaderLocation('./');
40 // JavaScript redirection is necessary. Because if header() is used
41 // then web browser sometimes does not change the HTTP_REFERER
42 // field and so with old URL as Referer, token also goes to
44 $template = $containerBuilder->get('template');
45 echo $template->render('javascript/redirect', [
46 'url' => Sanitize
::escapeJsString($_GET['url']),
48 // Display redirecting msg on screen.
49 // Do not display the value of $_GET['url'] to avoid showing injected content
50 echo __('Taking you to the target site.');