Translated using Weblate (Norwegian Bokmål)
[phpmyadmin.git] / url.php
blobc56ed1f655ced98a0b943154d27e8c6cc77e5de3
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * URL redirector to avoid leaking Referer with some sensitive information.
6 * @package PhpMyAdmin
7 */
9 use PhpMyAdmin\Core;
10 use PhpMyAdmin\Sanitize;
11 use PhpMyAdmin\Response;
13 /**
14 * Gets core libraries and defines some variables
16 define('PMA_MINIMUM_COMMON', true);
17 require_once './libraries/common.inc.php';
19 // Only output the http headers
20 $response = Response::getInstance();
21 $response->getHeader()->sendHttpHeaders();
22 $response->disable();
24 if (! Core::isValid($_REQUEST['url'])
25 || ! preg_match('/^https:\/\/[^\n\r]*$/', $_REQUEST['url'])
26 || ! Core::isAllowedDomain($_REQUEST['url'])
27 ) {
28 Core::sendHeaderLocation('./');
29 } else {
30 // JavaScript redirection is necessary. Because if header() is used
31 // then web browser sometimes does not change the HTTP_REFERER
32 // field and so with old URL as Referer, token also goes to
33 // external site.
34 echo "<script type='text/javascript'>
35 window.onload=function(){
36 window.location='" , Sanitize::escapeJsString($_REQUEST['url']) , "';
38 </script>";
39 // Display redirecting msg on screen.
40 // Do not display the value of $_REQUEST['url'] to avoid showing injected content
41 echo __('Taking you to the target site.');
43 die();