The branch, MAINT_3_4_1 has been updated via ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d (commit) from 32d8446e01d5097599e89cb78ade338f03e82a1d (commit)
- Log ----------------------------------------------------------------- commit ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d Author: Michal Čihař mcihar@novell.com Date: Fri May 20 09:01:20 2011 +0200
Make redirector require valid token
-----------------------------------------------------------------------
Summary of changes: libraries/common.inc.php | 2 -- libraries/core.lib.php | 7 +++++-- url.php | 6 ++---- 3 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/libraries/common.inc.php b/libraries/common.inc.php
index 49937c8..7d71993 100644
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -477,8 +477,6 @@ if (! PMA_isValid($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['
 'media_type', 'custom_type', 'bs_reference',
 /* for changing BLOB repository file MIME type */
 'bs_db', 'bs_table', 'bs_ref', 'bs_new_mime_type',
- /* URL redirector */
- 'url'
 );
 /**
 * Require cleanup functions
diff --git a/libraries/core.lib.php b/libraries/core.lib.php
index 76d2c86..1152d6a 100644
--- a/libraries/core.lib.php
+++ b/libraries/core.lib.php
@@ -681,12 +681,15 @@ function PMA_array_remove($path, &$array)
 * @return string URL for a link.
 */
 function PMA_linkURL($url) {
+ $params = array();
+ $params['url'] = $url;
+ $goto = 'url.php' . PMA_generate_common_url($params);
 if (!preg_match('#^https?://#', $url)) {
 return $url;
 } elseif (defined('PMA_SETUP')) {
- return '../url.php?url=' . $url;
+ return '../' . $goto;
 } else {
- return './url.php?url=' . $url;
+ return './' . $goto;
 }
 }
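Review bot: In PMA_linkURL() the three added lines build `$params` and `$goto` before the `preg_match('#^https?://#', $url)` guard, so every link that is returned unchanged still triggers a `PMA_generate_common_url()` call whose result is discarded. Turning the guard into an early return keeps the token-bearing URL on the only path that uses it: `if (!preg_match('#^https?://#', $url)) { return $url; }`, then `$goto = 'url.php' . PMA_generate_common_url(array('url' => $url));` and `return (defined('PMA_SETUP') ? '../' : './') . $goto;`. The docblock, which starts above the hunk, should also say that the returned redirector link now carries the session token and is already encoded by `PMA_generate_common_url()`, so callers neither append parameters by hand nor encode it a second time; whether that helper also HTML-escapes its separators is not visible here and is worth stating there.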
diff --git a/url.php b/url.php
index ec0ab39..5088eff 100644
--- a/url.php
+++ b/url.php
@@ -3,16 +3,14 @@
 * URL redirector to avoid leaking Referer with some sensitive information.
 */
-define('PMA_MINIMUM_COMMON', TRUE);
-
 /**
 * Gets core libraries and defines some variables
 */
 require_once './libraries/common.inc.php';
-if (empty($GLOBALS['url']) || ! preg_match('/^https?://[^\n\r]*$/', $GLOBALS['url'])) {
+if (! PMA_isValid($_GET['url']) || ! preg_match('/^https?://[^\n\r]*$/', $_GET['url'])) {
 header('Location: ' . $cfg['PmaAbsoluteUri']);
 } else {
- header('Location: ' . $GLOBALS['url']);
+ header('Location: ' . $_GET['url']);
 }
 ?>
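Review bot: Nothing in url.php itself compares the token: the new `PMA_isValid($_GET['url'])` test only acts as a token gate if the request cleanup in libraries/common.inc.php, whose whitelist lost `'url'` in this commit, has already dropped `url` from `$_GET` for a request without a valid token, and that cleanup code is outside this diff. A comment above the `if`, such as `/* common.inc.php strips 'url' from the request unless the token is valid; never re-add it to the token-less whitelist */`, would stop a later whitelist edit from silently reopening the redirector. In the unchanged part of the pattern, `$` without the `D` modifier also matches just before a trailing `\n`, so `[^\n\r]*$` does not fully exclude a line break from the value passed to `header()`; ending the pattern with `\z` closes that gap. If the `/` delimiters are really unescaped as rendered here, the pattern is also invalid, and switching to `#` delimiters as PMA_linkURL() does (`'#^https?://[^\n\r]*\z#'`) fixes both.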
hooks/post-receive