Hi all
when going to other page, browsers sends Referer header to the next server. This could obviously leak some information from the original website. Given that we might include in URL possibly sensitive information (eg. SQL query), I've added redirector (url.php) inside phpMyAdmin, what hides all the parameter and all what the next site can see is <PmaAbsoluteUri>/url.php?url=<URL where you go>.
On the other side, user might want to hide <PmaAbsoluteUri> as well. This can be only achieved by using some external redirector, for example we could place one at phpmyadmin.net. Any opinions about that?
PS: The referrer should not be sent when original site is using HTTPS, quoting RFC:
Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.