Direct links from HTTPS to HTTP
parent
9307f1304f
commit
2cec7584f6
|
@ -24,11 +24,12 @@ include "../adminer/include/functions.inc.php";
|
|||
if (!isset($_SERVER["REQUEST_URI"])) {
|
||||
$_SERVER["REQUEST_URI"] = $_SERVER["ORIG_PATH_INFO"] . ($_SERVER["QUERY_STRING"] != "" ? "?$_SERVER[QUERY_STRING]" : ""); // IIS 5 compatibility
|
||||
}
|
||||
$HTTPS = $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off");
|
||||
|
||||
@ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled
|
||||
if (!ini_bool("session.auto_start")) {
|
||||
session_name("adminer_sid"); // use specific session name to get own namespace
|
||||
$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off"));
|
||||
$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS);
|
||||
if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
|
||||
$params[] = true; // HttpOnly
|
||||
}
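Review bot: The new `$HTTPS` global is computed only from `$_SERVER["HTTPS"]` and has no comment, although after this commit it decides the Secure flag of the session cookie here, the Secure flag in `cookie()`, and whether an outgoing link goes through the Referer-hiding redirect. If TLS is terminated by a proxy in front of PHP, that server variable is presumably unset, so the value would be false and both cookies would be issued without Secure. A comment at the assignment would make this visible, for example `// true only when this request itself arrived over TLS; drives cookie Secure flag and Referer handling of external links`. Reading the key when it is absent also raises a notice, which `isset($_SERVER["HTTPS"]) && strcasecmp($_SERVER["HTTPS"], "off")` would avoid.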
|
||||
|
|
|
@ -7,11 +7,11 @@
|
|||
* @return null
|
||||
*/
|
||||
function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
||||
global $LANG, $VERSION, $adminer, $connection, $drivers;
|
||||
global $LANG, $VERSION, $HTTPS, $adminer, $connection, $drivers;
|
||||
header("Content-Type: text/html; charset=utf-8");
|
||||
header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox NoScript plugin
|
||||
$title_all = $title . ($title2 != "" ? ": " . h($title2) : "");
|
||||
$protocol = ($_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off") ? "https" : "http");
|
||||
$protocol = ($HTTPS ? "https" : "http");
|
||||
?>
|
||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
|
||||
<html lang="<?php echo $LANG; ?>">
|
||||
|
|
|
@ -245,13 +245,14 @@ function where_link($i, $column, $value, $operator = "=") {
|
|||
* @return bool
|
||||
*/
|
||||
function cookie($name, $value) {
|
||||
global $HTTPS;
|
||||
$params = array(
|
||||
$name,
|
||||
(ereg("\n", $value) ? "" : $value), // HTTP Response Splitting protection in PHP < 5.1.2
|
||||
time() + 2592000, // 2592000 - 30 days
|
||||
preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]),
|
||||
"",
|
||||
$_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")
|
||||
$HTTPS
|
||||
);
|
||||
if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
|
||||
$params[] = true; // HttpOnly
|
||||
|
@ -703,11 +704,11 @@ function is_email($email) {
|
|||
|
||||
/** Check whether the string is URL address
|
||||
* @param string
|
||||
* @return bool
|
||||
* @return string "http", "https" or ""
|
||||
*/
|
||||
function is_url($string) {
|
||||
$domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // one domain component
|
||||
return preg_match("~^https?://($domain?\\.)+$domain(:[0-9]+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string); //! restrict path, query and fragment characters
|
||||
$domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // one domain component //! IDN
|
||||
return (preg_match("~^(https?)://($domain?\\.)+$domain(:[0-9]+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string, $match) ? strtolower($match[1]) : ""); //! restrict path, query and fragment characters
|
||||
}
|
||||
|
||||
/** Print header for hidden fieldset (close by </div></fieldset>)
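Review bot: In `is_url()` the pattern still closes with `\$~i`, and without the `D` modifier `$` also matches before a final newline, so a value ending in a line break is accepted. The path, query and fragment groups likewise accept any character, as the existing `//!` remark admits. This mattered less while every match was passed through `urlencode()`, but the return value now gates a direct link on the select page. Closing the pattern with `\$~iD` is a one-character tightening. Since the function now returns the scheme rather than a boolean, the summary line of the docblock should say so, e.g. `Check whether the string is URL address and return its scheme`.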
|
||||
|
|
|
@ -315,11 +315,16 @@ if (!$columns) {
|
|||
}
|
||||
}
|
||||
}
|
||||
if (!$link && is_email($val)) {
|
||||
if (!$link) {
|
||||
if (is_email($val)) {
|
||||
$link = "mailto:$val";
|
||||
}
|
||||
if (!$link && is_url($row[$key])) {
|
||||
$link = "http://www.adminer.org/redirect/?url=" . urlencode($row[$key]); // intermediate page to hide Referer, may be changed to rel="noreferrer" in HTML5
|
||||
if ($protocol = is_url($row[$key])) {
|
||||
$link = ($protocol == "http" && $HTTPS
|
||||
? $row[$key] // HTTP links from HTTPS pages don't receive Referer automatically
|
||||
: "$protocol://www.adminer.org/redirect/?url=" . urlencode($row[$key]) // intermediate page to hide Referer, may be changed to rel="noreferrer" in HTML5
|
||||
);
|
||||
}
|
||||
}
|
||||
$id = h("val[$unique_idf][" . bracket_escape($key) . "]");
|
||||
$value = $_POST["val"][$unique_idf][bracket_escape($key)];
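Review bot: In the `$protocol == "http" && $HTTPS` branch `$row[$key]` becomes `$link` unchanged, whereas the old code always passed it through `urlencode()`; the only check on that database value is now `is_url()`, whose path, query and fragment groups accept any character. The statement that prints `$link` lies outside this hunk, so it should be confirmed that it escapes the value for the attribute context, as `h()` does for `$id` two lines further down. The inline comment would be clearer if it stated the reasoning in full, for example `// browsers omit Referer when navigating from an HTTPS page to an HTTP URL, so the intermediate page is not needed`.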
|
||||
|
|