31 Jan
2011
31 Jan
'11
5:22 p.m.
The branch, master has been updated
via 67e4994490749dbd065805b2f345176a3becf9e7 (commit)
via 14ebfdbe8e191fc5adb255a4ef7c6ae87f8b5e12 (commit)
from 82d6f8bfd827d58b043a3b7da85b1f82b544d91a (commit)
- Log -----------------------------------------------------------------
commit 67e4994490749dbd065805b2f345176a3becf9e7
Author: Michal Čihař <mcihar(a)novell.com>
Date: Mon Jan 31 15:21:37 2011 +0100
Single place to handle redirection.
commit 14ebfdbe8e191fc5adb255a4ef7c6ae87f8b5e12
Author: Michal Čihař <mcihar(a)novell.com>
Date: Mon Jan 31 15:10:07 2011 +0100
No need for authentication on url.php (bug#3168011).
-----------------------------------------------------------------------
Summary of changes:
libraries/auth/cookie.auth.lib.php | 2 +-
libraries/auth/swekey/swekey.auth.lib.php | 2 +-
libraries/blobstreaming.lib.php | 2 +-
libraries/common.lib.php | 10 +++++-----
libraries/config/FormDisplay.class.php | 2 +-
libraries/config/config_functions.lib.php | 4 +---
libraries/core.lib.php | 17 +++++++++++++++++
libraries/display_export.lib.php | 2 +-
libraries/engines/pbms.lib.php | 6 +++---
libraries/engines/pbxt.lib.php | 6 +++---
libraries/sanitizing.lib.php | 2 +-
main.php | 8 ++++----
themes.php | 2 +-
url.php | 6 +++---
14 files changed, 43 insertions(+), 28 deletions(-)
diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php
index 805f9b3..7e04819 100644
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -192,7 +192,7 @@ if (top != self) {
?>
<div class="container">
-<a href="./url.php?url=http://www.phpmyadmin.net" target="_blank"
class="logo"><?php
+<a href="<?php echo PMA_linkURL('http://www.phpmyadmin.net/')t/');
?>" target="_blank" class="logo"><?php
$logo_image = $GLOBALS['pmaThemeImage'] . 'logo_right.png';
if (@file_exists($logo_image)) {
echo '<img src="' . $logo_image . '"
id="imLogo" name="imLogo" alt="phpMyAdmin"
border="0" />';
diff --git a/libraries/auth/swekey/swekey.auth.lib.php
b/libraries/auth/swekey/swekey.auth.lib.php
index 19b9163..d2ec1b1 100644
--- a/libraries/auth/swekey/swekey.auth.lib.php
+++ b/libraries/auth/swekey/swekey.auth.lib.php
@@ -231,7 +231,7 @@ function Swekey_login($input_name, $input_go)
?>
function open_swekey_site()
{
- window.open("./url.php?url=http://phpmyadmin.net/auth_key")key");
+ window.open("<?php echo
PMA_linkURL('http://phpmyadmin.net/auth_key')ey'); ?>");
}
var input_username = document.getElementById("<?php echo $input_name;
?>");
diff --git a/libraries/blobstreaming.lib.php b/libraries/blobstreaming.lib.php
index 070c8f3..28b4ca6 100644
--- a/libraries/blobstreaming.lib.php
+++ b/libraries/blobstreaming.lib.php
@@ -497,7 +497,7 @@ function PMA_BS_getURL($reference)
return FALSE;
}
- $bs_url = './url.php?url=http://' . $bs_server . '/' .
rtrim($reference);
+ $bs_url = PMA_linkURL('http://' . $bs_server . '/' .
rtrim($reference));
return $bs_url;
}
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index cf9b7a5..32652de 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -419,13 +419,13 @@ function PMA_showMySQLDocu($chapter, $link, $big_icon = false,
$anchor = '', $ju
}
if ($just_open) {
- return '<a href="./url.php?url=' . $url . '"
target="mysql_doc">';
+ return '<a href="' . PMA_linkURL($url) . '"
target="mysql_doc">';
} elseif ($big_icon) {
- return '<a href="./url.php?url=' . $url . '"
target="mysql_doc"><img class="icon" src="' .
$GLOBALS['pmaThemeImage'] . 'b_sqlhelp.png" width="16"
height="16" alt="' . __('Documentation') . '"
title="' . __('Documentation') . '" /></a>';
+ return '<a href="' . PMA_linkURL($url) . '"
target="mysql_doc"><img class="icon" src="' .
$GLOBALS['pmaThemeImage'] . 'b_sqlhelp.png" width="16"
height="16" alt="' . __('Documentation') . '"
title="' . __('Documentation') . '" /></a>';
} elseif ($GLOBALS['cfg']['ReplaceHelpImg']) {
- return '<a href="./url.php?url=' . $url . '"
target="mysql_doc"><img class="icon" src="' .
$GLOBALS['pmaThemeImage'] . 'b_help.png" width="11"
height="11" alt="' . __('Documentation') . '"
title="' . __('Documentation') . '" /></a>';
+ return '<a href="' . PMA_linkURL($url) . '"
target="mysql_doc"><img class="icon" src="' .
$GLOBALS['pmaThemeImage'] . 'b_help.png" width="11"
height="11" alt="' . __('Documentation') . '"
title="' . __('Documentation') . '" /></a>';
} else {
- return '[<a href="./url.php?url=' . $url . '"
target="mysql_doc">' . __('Documentation') .
'</a>]';
+ return '[<a href="' . PMA_linkURL($url) . '"
target="mysql_doc">' . __('Documentation') .
'</a>]';
}
} // end of the 'PMA_showMySQLDocu()' function
@@ -2425,7 +2425,7 @@ function PMA_getDbLink($database = null)
function PMA_externalBug($functionality, $component, $minimum_version, $bugref)
{
if ($component == 'mysql' && PMA_MYSQL_INT_VERSION <
$minimum_version) {
- echo PMA_showHint(sprintf(__('The %s functionality is affected by a known
bug, see %s'), $functionality, './url.php?url=http://bugs.mysql.com/' .
$bugref));
+ echo PMA_showHint(sprintf(__('The %s functionality is affected by a known
bug, see %s'), $functionality, PMA_linkURL('http://bugs.mysql.com/') .
$bugref));
}
}
diff --git a/libraries/config/FormDisplay.class.php
b/libraries/config/FormDisplay.class.php
index b07ac3a..41c421f 100644
--- a/libraries/config/FormDisplay.class.php
+++ b/libraries/config/FormDisplay.class.php
@@ -681,7 +681,7 @@ class FormDisplay
if ($test == 'Export') {
$opt_name = substr($opt_name, 7);
}
- return './url.php?url=http://wiki.phpmyadmin.net/pma/Config#' .
$opt_name;
+ return PMA_linkURL('http://wiki.phpmyadmin.net/pma/Config#' .
$opt_name);
}
/**
diff --git a/libraries/config/config_functions.lib.php
b/libraries/config/config_functions.lib.php
index 0d26cb5..8aac9ef 100644
--- a/libraries/config/config_functions.lib.php
+++ b/libraries/config/config_functions.lib.php
@@ -93,10 +93,8 @@ function PMA_lang_link_replace($link, $text)
if (!preg_match('#^https?://#', $link)) {
$link = str_replace('&', $separator, $link);
- } elseif (defined('PMA_SETUP')) {
- $link = '../url.php?url=' . $link;
} else {
- $link = './url.php?url=' . $link;
+ $link = PMA_linkURL($link);
}
return '<a href="' . $link . '">' . $text .
'</a>';
diff --git a/libraries/core.lib.php b/libraries/core.lib.php
index 54da58c..a3d80f5 100644
--- a/libraries/core.lib.php
+++ b/libraries/core.lib.php
@@ -656,4 +656,21 @@ function PMA_array_remove($path, &$array)
}
}
}
+
+/**
+ * Returns link to (possibly) external site using defined redirector.
+ *
+ * @param string $url URL where to go.
+ *
+ * @return string URL for a link.
+ */
+function PMA_linkURL($url) {
+ if (!preg_match('#^https?://#', $url)) {
+ return $url;
+ } elseif (defined('PMA_SETUP')) {
+ return '../url.php?url=' . $url;
+ } else {
+ return './url.php?url=' . $url;
+ }
+}
?>
diff --git a/libraries/display_export.lib.php b/libraries/display_export.lib.php
index fc2065f..ac223dc 100644
--- a/libraries/display_export.lib.php
+++ b/libraries/display_export.lib.php
@@ -235,7 +235,7 @@ if(isset($_GET['sql_query'])) {
}
$message = new PMA_Message(__('This value is interpreted using
%1$sstrftime%2$s, so you can use time formatting strings. Additionally the following
transformations will happen: %3$s. Other text will be kept as is. See the %4$sFAQ%5$s for
details.'));
- $message->addParam('<a
href="./url.php?url=http://php.net/strftime" target="documentation"
title="'
+ $message->addParam('<a href="' .
PMA_linkURL('http://php.net/strftime') . '"
target="documentation" title="'
. __('Documentation') . '">', false);
$message->addParam('</a>', false);
$message->addParam($trans);
diff --git a/libraries/engines/pbms.lib.php b/libraries/engines/pbms.lib.php
index 4065bf3..5f9b175 100644
--- a/libraries/engines/pbms.lib.php
+++ b/libraries/engines/pbms.lib.php
@@ -91,15 +91,15 @@ class PMA_StorageEngine_pbms extends PMA_StorageEngine
function getPageDocumentation()
{
$output = '<p> Documentation and further information about PBMS can be
found on ' . "\n"
- . '<a href="./url.php?url=http://www.blobstreaming.org/"
target="_blank">The PrimeBase Media Streaming home
page</a>.<br><br>' . "\n"
+ . '<a href="' .
PMA_linkURL('http://www.blobstreaming.org/') . '"
target="_blank">The PrimeBase Media Streaming home
page</a>.<br><br>' . "\n"
. '<table id="PBMS_Related_Links" >' . "\n"
. '<tr>' . "\n"
. '<td>' . "\n"
. '<p>' . "\n"
. '<strong><font size="2"><b>Related
Links</b></font></strong>' . "\n"
. '<br>' . "\n"
- . '<a href="./url.php?url=http://bpbdev.blogspot.com/"
target="_blank">The PrimeBase Media Streaming Blog by Barry
Leslie</a><br><br>' . "\n"
- . '<a href="./url.php?url=http://www.primebase.com/xt"
target="_blank">PrimeBase XT Home Page</a><br><br>' .
"\n"
+ . '<a href="' .
PMA_linkURL('http://bpbdev.blogspot.com/') . '"
target="_blank">The PrimeBase Media Streaming Blog by Barry
Leslie</a><br><br>' . "\n"
+ . '<a href="' .
PMA_linkURL('http://www.primebase.com/xt') . '"
target="_blank">PrimeBase XT Home Page</a><br><br>' .
"\n"
. '</font>' . "\n"
. '</td>' . "\n"
. '</tr>' . "\n"
diff --git a/libraries/engines/pbxt.lib.php b/libraries/engines/pbxt.lib.php
index 66da56a..eb0dad3 100644
--- a/libraries/engines/pbxt.lib.php
+++ b/libraries/engines/pbxt.lib.php
@@ -122,15 +122,15 @@ class PMA_StorageEngine_pbxt extends PMA_StorageEngine
function getPageDocumentation()
{
$output = '<p> Documentation and further information about PBXT can be
found on the ' . "\n"
- . '<a href="./url.php?url=http://www.primebase.com/xt/"
target="_blank">PrimeBase XT Home Page</a>.<br><br>' .
"\n"
+ . '<a href="' .
PMA_linkURL('http://www.primebase.com/xt/') . '"
target="_blank">PrimeBase XT Home Page</a>.<br><br>' .
"\n"
. '<table id="PBMS_Related_Links" >' . "\n"
. '<tr>' . "\n"
. '<td>' . "\n"
. '<p>' . "\n"
. '<strong><font size="2"><b>Related
Links</b></font></strong>' . "\n"
. '<br>' . "\n"
- . '<a href="./url.php?url=http://pbxt.blogspot.com/"
target="_blank">The PrimeBase XT Blog by Paul
McCullagh</a><br><br>' . "\n"
- . '<a href="./url.php?url=http://www.blobstreaming.org/"
target="_blank">The PrimeBase Media Streaming (PBMS) home
page</a>.<br><br>' . "\n"
+ . '<a href="' . PMA_linkURL('http://pbxt.blogspot.com/')
. '" target="_blank">The PrimeBase XT Blog by Paul
McCullagh</a><br><br>' . "\n"
+ . '<a href="' .
PMA_linkURL('http://www.blobstreaming.org/') . '"
target="_blank">The PrimeBase Media Streaming (PBMS) home
page</a>.<br><br>' . "\n"
. '</font>' . "\n"
. '</td>' . "\n"
. '</tr>' . "\n"
diff --git a/libraries/sanitizing.lib.php b/libraries/sanitizing.lib.php
index adb8df2..a362ebd 100644
--- a/libraries/sanitizing.lib.php
+++ b/libraries/sanitizing.lib.php
@@ -74,7 +74,7 @@ function PMA_sanitize($message, $escape = false, $safe = false)
}
if (substr($found[1], 0, 4) == 'http') {
- $message = preg_replace($pattern, '<a
href="./url.php?url=\1" target="\2">', $message);
+ $message = preg_replace($pattern, '<a href="' .
PMA_linkURL($found[1]) . '" target="\2">', $message);
} else {
$message = preg_replace($pattern, '<a href="\1"
target="\2">', $message);
}
diff --git a/main.php b/main.php
index 3d03234..1361391 100644
--- a/main.php
+++ b/main.php
@@ -210,16 +210,16 @@ echo '<h2>phpMyAdmin</h2>';
echo '<ul>';
PMA_printListItem(__('Version information') . ': ' . PMA_VERSION,
'li_pma_version');
PMA_printListItem(__('Documentation'), 'li_pma_docs',
'Documentation.html', null, '_blank');
-PMA_printListItem(__('Wiki'), 'li_pma_wiki',
'./url.php?url=http://wiki.phpmyadmin.net', null, '_blank');
+PMA_printListItem(__('Wiki'), 'li_pma_wiki',
PMA_linkURL('http://wiki.phpmyadmin.net/')t/'), null, '_blank');
// does not work if no target specified, don't know why
-PMA_printListItem(__('Official Homepage'), 'li_pma_homepage',
'./url.php?url=http://www.phpMyAdmin.net/', null, '_blank');
+PMA_printListItem(__('Official Homepage'), 'li_pma_homepage',
PMA_linkURL('http://www.phpMyAdmin.net/')t/'), null, '_blank');
?>
<li><bdo xml:lang="en" dir="ltr">
[<a href="changelog.php"
target="_blank">ChangeLog</a>]
- [<a
href="./url.php?url=http://phpmyadmin.git.sourceforge.net/git/gitweb-i…
+ [<a href="<?php echo
PMA_linkURL('http://phpmyadmin.git.sourceforge.net/git/gitweb-index.cgi…gi');
?>"
target="_blank">Git</a>]
- [<a
href="./url.php?url=http://sourceforge.net/mail/?group_id=23067"
+ [<a href="<?php echo
PMA_linkURL('http://sourceforge.net/mail/?group_id=23067')67'); ?>"
target="_blank"><?php echo __('Mailing lists');
?></a>]
</bdo>
</li>
diff --git a/themes.php b/themes.php
index e4ad9f6..b4030c8 100644
--- a/themes.php
+++ b/themes.php
@@ -38,7 +38,7 @@ function takeThis(what){
<body id="bodythemes">
<h1>phpMyAdmin - <?php echo __('Theme / Style'); ?></h1>
-<p><a
href="./url.php?url=http://www.phpmyadmin.net/home_page/themes.php#pma… echo
preg_replace('/([0-9]*)\.([0-9]*)\..*/', '\1_\2', PMA_VERSION);
?>"><?php echo __('Get more themes!'); ?></a></p>
+<p><a href="<?php echo
PMA_linkURL('http://www.phpmyadmin.net/home_page/themes.php')hp'); ?>#pma_<?php
echo preg_replace('/([0-9]*)\.([0-9]*)\..*/', '\1_\2', PMA_VERSION);
?>"><?php echo __('Get more themes!'); ?></a></p>
<?php
$_SESSION['PMA_Theme_Manager']->printPreviews();
?>
diff --git a/url.php b/url.php
index a9d0f58..ec0ab39 100644
--- a/url.php
+++ b/url.php
@@ -3,14 +3,14 @@
* URL redirector to avoid leaking Referer with some sensitive information.
*/
+define('PMA_MINIMUM_COMMON', TRUE);
+
/**
* Gets core libraries and defines some variables
*/
require_once './libraries/common.inc.php';
-PMA_checkParameters(array('url'));
-
-if (! preg_match('/^https?:\/\/[^\n\r]*$/', $GLOBALS['url'])) {
+if (empty($GLOBALS['url']) || ! preg_match('/^https?:\/\/[^\n\r]*$/',
$GLOBALS['url'])) {
header('Location: ' . $cfg['PmaAbsoluteUri']);
} else {
header('Location: ' . $GLOBALS['url']);
hooks/post-receive
--
phpMyAdmin