url.php

   1 <?php
   2 /**
   3  * URL redirector to avoid leaking Referer with some sensitive information.
   4  */
   5 declare(strict_types=1);
   6
   7 use PhpMyAdmin\Core;
   8 use PhpMyAdmin\DatabaseInterface;
   9 use PhpMyAdmin\Response;
  10 use PhpMyAdmin\Sanitize;
  11
  12 if (! defined('ROOT_PATH')) {
  13     // phpcs:disable PSR1.Files.SideEffects
  14     define('ROOT_PATH', __DIR__ . DIRECTORY_SEPARATOR);
  15     // phpcs:enable
  16 }
  17
  18 global $containerBuilder;
  19
  20 // phpcs:disable PSR1.Files.SideEffects
  21 define('PMA_MINIMUM_COMMON', true);
  22 // phpcs:enable
  23
  24 require_once ROOT_PATH . 'libraries/common.inc.php';
  25
  26 // Load database service because services.php is not available here
  27 $containerBuilder->set(DatabaseInterface::class, DatabaseInterface::load());
  28
  29 // Only output the http headers
  30 $response = Response::getInstance();
  31 $response->getHeader()->sendHttpHeaders();
  32 $response->disable();
  33
  34 if (! Core::isValid($_GET['url'])
  35     || ! preg_match('/^https:\/\/[^\n\r]*$/', $_GET['url'])
  36     || ! Core::isAllowedDomain($_GET['url'])
  37 ) {
  38     Core::sendHeaderLocation('./');
  39 } else {
  40     // JavaScript redirection is necessary. Because if header() is used
  41     //  then web browser sometimes does not change the HTTP_REFERER
  42     //  field and so with old URL as Referer, token also goes to
  43     //  external site.
  44     $template = $containerBuilder->get('template');
  45     echo $template->render('javascript/redirect', [
  46         'url' => Sanitize::escapeJsString($_GET['url']),
  47     ]);
  48     // Display redirecting msg on screen.
  49     // Do not display the value of $_GET['url'] to avoid showing injected content
  50     echo __('Taking you to the target site.');
  51 }
  52 die;