2 /* vim: set expandtab sw=4 ts=4 sts=4: */
4 * URL redirector to avoid leaking Referer with some sensitive information.
8 use PMA\libraries\Sanitize
;
11 * Gets core libraries and defines some variables
13 define('PMA_MINIMUM_COMMON', true);
14 require_once './libraries/common.inc.php';
16 // Only output the http headers
17 $response = PMA\libraries\Response
::getInstance();
18 $response->getHeader()->sendHttpHeaders();
21 if (! PMA_isValid($_REQUEST['url'])
22 ||
! preg_match('/^https:\/\/[^\n\r]*$/', $_REQUEST['url'])
23 ||
! PMA_isAllowedDomain($_REQUEST['url'])
25 PMA_sendHeaderLocation('./');
27 // JavaScript redirection is necessary. Because if header() is used
28 // then web browser sometimes does not change the HTTP_REFERER
29 // field and so with old URL as Referer, token also goes to
31 echo "<script type='text/javascript'>
32 window.onload=function(){
33 window.location='" , Sanitize
::escapeJsString($_REQUEST['url']) , "';
36 // Display redirecting msg on screen.
37 // Do not display the value of $_REQUEST['url'] to avoid showing injected content
38 echo __('Taking you to the target site.');