[phpmyadmin.git] / url.php
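<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * URL redirector to avoid leaking Referer with some sensitive information.
 *
 * The script takes the destination from the "url" request parameter and
 * sends the browser there with a JavaScript redirect. Requests that fail
 * validation are sent back to "./" instead.
 *
 * @package PhpMyAdmin
 */
declare(strict_types=1);

use PhpMyAdmin\Core;
use PhpMyAdmin\Sanitize;
use PhpMyAdmin\Response;

/**
 * Gets core libraries and defines some variables
 */
define('PMA_MINIMUM_COMMON', true);
require_once './libraries/common.inc.php';

// Only output the http headers
$response = Response::getInstance();
$response->getHeader()->sendHttpHeaders();
$response->disable();

// The destination must pass all three checks, otherwise the request is sent
// back to "./":
//   1. Core::isValid() accepts the parameter
//      (presumably "set and of a usable type" -- confirm in Core).
//   2. It is an https:// URL with no CR or LF anywhere. The D modifier makes
//      "$" match only at the very end of the subject; without it "$" also
//      matches just before a trailing newline, so a value ending in "\n"
//      would pass a pattern whose character class is meant to exclude it.
//   3. Core::isAllowedDomain() accepts it
//      (name suggests a host allow-list -- confirm in Core).
// NOTE(review): $_REQUEST can merge several input sources depending on the
// PHP request_order / variables_order settings; confirm that is intended.
if (! Core::isValid($_REQUEST['url'])
    || ! preg_match('/^https:\/\/[^\n\r]*$/D', $_REQUEST['url'])
    || ! Core::isAllowedDomain($_REQUEST['url'])
) {
    Core::sendHeaderLocation('./');
} else {
    // JavaScript redirection is necessary. Because if header() is used
    // then web browser sometimes does not change the HTTP_REFERER
    // field and so with old URL as Referer, token also goes to
    // external site.
    //
    // The URL is placed inside a single-quoted JavaScript string literal in
    // an inline <script> element, so it is passed through
    // Sanitize::escapeJsString() first.
    // NOTE(review): this relies on escapeJsString() neutralising quotes,
    // backslashes and a literal "</script>" sequence -- confirm in Sanitize.
    echo "<script type='text/javascript'>
            window.onload=function(){
                window.location='" , Sanitize::escapeJsString($_REQUEST['url']) , "';
            }
        </script>";
    // Display redirecting msg on screen.
    // Do not display the value of $_REQUEST['url'] to avoid showing injected content
    echo __('Taking you to the target site.');
}
// Stop here in both branches so nothing further is emitted.
die();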