Home Explore Help
Sign In
other
/
pma
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 95e2ed6005
Branches Tags
pma
/
libraries
/
classes
/
UrlRedirector.php

UrlRedirector.php 1.7 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 
  1. <?php
    2. 

  2. 

  3. declare(strict_types=1);
    4. 

  4. 

  5. namespace PhpMyAdmin;
    6. 

  6. 

  7. use function __;
    8. 

  8. use function is_scalar;
    9. 

  9. use function preg_match;
    10. 

  10. use function strlen;
    11. 

  11. 

  12. /**
    13. 

  13.  * URL redirector to avoid leaking Referer with some sensitive information.
    14. 

  14.  */
    15. 

  15. final class UrlRedirector
    16. 

  16. {
    17. 

  17.     /**
    18. 

  18.      * @psalm-return never
    19. 

  19.      */
    20. 

  20.     public static function redirect(): void
    21. 

  21.     {
    22. 

  22.         global $containerBuilder, $dbi;
    23. 

  23. 

  24.         // Load database service because services.php is not available here
    25. 

  25.         $dbi = DatabaseInterface::load();
    26. 

  26.         $containerBuilder->set(DatabaseInterface::class, $dbi);
    27. 

  27. 

  28.         // Only output the http headers
    29. 

  29.         $response = ResponseRenderer::getInstance();
    30. 

  30.         $response->getHeader()->sendHttpHeaders();
    31. 

  31.         $response->disable();
    32. 

  32. 

  33.         if (
    34. 

  34.             ! isset($_GET['url']) || ! is_scalar($_GET['url']) || strlen((string) $_GET['url']) === 0
    35. 

  35.             || ! preg_match('/^https:\/\/[^\n\r]*$/', (string) $_GET['url'])
    36. 

  36.             || ! Core::isAllowedDomain((string) $_GET['url'])
    37. 

  37.         ) {
    38. 

  38.             Core::sendHeaderLocation('./');
    39. 

  39. 

  40.             exit;
    41. 

  41.         }
    42. 

  42. 

  43.         /**
    44. 

  44.          * JavaScript redirection is necessary. Because if header() is used then web browser sometimes does not change
    45. 

  45.          * the HTTP_REFERER field and so with old URL as Referer, token also goes to external site.
    46. 

  46.          *
    47. 

  47.          * @var Template $template
    48. 

  48.          */
    49. 

  49.         $template = $containerBuilder->get('template');
    50. 

  50.         echo $template->render('javascript/redirect', [
    51. 

  51.             'url' => Sanitize::escapeJsString((string) $_GET['url']),
    52. 

  52.         ]);
    53. 

  53.         // Display redirecting msg on screen.
    54. 

  54.         // Do not display the value of $_GET['url'] to avoid showing injected content
    55. 

  55.         echo __('Taking you to the target site.');
    56. 

  56. 

  57.         exit;
    58. 

  58.     }
    59. 

  59. }
    60.