Stop redirecting links via adminer.org
This commit is contained in:
Jakub Vrana
parent
8829ccdf93
commit
4de6e3180d
|
|
@ -262,7 +262,7 @@ class Adminer {
|
|||
if (preg_match('~json~', $field["type"])) {
|
||||
$return = "<code class='jush-js'>$return</code>";
|
||||
}
|
||||
return ($link ? "<a href='" . h($link) . "'" . (is_url($link) ? " rel='noreferrer'" : "") . ">$return</a>" : $return);
|
||||
return ($link ? "<a href='" . h($link) . "'" . (is_url($link) ? target_blank() : "") . ">$return</a>" : $return);
|
||||
}
|
||||
|
||||
/** Value conversion used in select and edit
|
||||
|
|
|
|||
|
|
@ -128,7 +128,7 @@ function nonce() {
|
|||
* @return string
|
||||
*/
|
||||
function target_blank() {
|
||||
return ' target="_blank" rel="noopener"';
|
||||
return ' target="_blank" rel="noreferrer noopener"';
|
||||
}
|
||||
|
||||
/** Escape for HTML
|
||||
|
|
@ -1215,7 +1215,7 @@ function rand_string() {
|
|||
* @return string HTML
|
||||
*/
|
||||
function select_value($val, $link, $field, $text_length) {
|
||||
global $adminer, $HTTPS;
|
||||
global $adminer;
|
||||
if (is_array($val)) {
|
||||
$return = "";
|
||||
foreach ($val as $k => $v) {
|
||||
|
|
@ -1233,11 +1233,8 @@ function select_value($val, $link, $field, $text_length) {
|
|||
if (is_mail($val)) {
|
||||
$link = "mailto:$val";
|
||||
}
|
||||
if ($protocol = is_url($val)) {
|
||||
$link = (($protocol == "http" && $HTTPS) || preg_match('~WebKit|Firefox~i', $_SERVER["HTTP_USER_AGENT"]) // WebKit supports noreferrer since 2009, Firefox since version 38
|
||||
? $val // HTTP links from HTTPS pages don't receive Referer automatically
|
||||
: "https://www.adminer.org/redirect/?url=" . urlencode($val) // intermediate page to hide Referer
|
||||
);
|
||||
if (is_url($val)) {
|
||||
$link = $val; // IE 11 and all modern browsers hide referrer
|
||||
}
|
||||
}
|
||||
$return = $adminer->editVal($val, $field);
|
||||
|
|
@ -1268,11 +1265,11 @@ function is_mail($email) {
|
|||
|
||||
/** Check whether the string is URL address
|
||||
* @param string
|
||||
* @return string "http", "https" or ""
|
||||
* @return bool
|
||||
*/
|
||||
function is_url($string) {
|
||||
$domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // one domain component //! IDN
|
||||
return (preg_match("~^(https?)://($domain?\\.)+$domain(:\\d+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string, $match) ? strtolower($match[1]) : ""); //! restrict path, query and fragment characters
|
||||
return preg_match("~^(https?)://($domain?\\.)+$domain(:\\d+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string); //! restrict path, query and fragment characters
|
||||
}
|
||||
|
||||
/** Check if field should be shortened
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
*/
|
||||
function bodyLoad(version) {
|
||||
if (window.jush) {
|
||||
jush.create_links = ' target="_blank" rel="noopener"';
|
||||
jush.create_links = ' target="_blank" rel="noreferrer noopener"';
|
||||
if (version) {
|
||||
for (var key in jush.urls) {
|
||||
var obj = jush.urls;
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@ Adminer 4.5.1-dev:
|
|||
Fix counting selected rows after going back to select page
|
||||
PHP <5.3 compatibility even with Elasticsearch enabled
|
||||
Fully support functions in default values
|
||||
Stop redirecting links via adminer.org
|
||||
MariaDB: Support JSON since MariaDB 10.2
|
||||
PostgreSQL: Support functions
|
||||
PostgreSQL: Allow editing views with uppercase letters (bug #467)
|
||||
|
|
|
|||
|
|
@ -195,7 +195,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
|
|||
$return = (preg_match('~^(1|t|true|y|yes|on)$~i', $value) ? lang('yes') : lang('no'));
|
||||
}
|
||||
if ($link) {
|
||||
$return = "<a href='$link'" . (is_url($link) ? " rel='noreferrer'" : "") . ">$return</a>";
|
||||
$return = "<a href='$link'" . (is_url($link) ? target_blank() : "") . ">$return</a>";
|
||||
}
|
||||
if (!$link && !like_bool($field) && preg_match('~int|float|double|decimal~', $field["type"])) {
|
||||
$return = "<div class='number'>$return</div>"; // Firefox doesn't support <colgroup>
|
||||
|
|
|
|||
|
|
@ -1,17 +0,0 @@
|
|||
<?php
|
||||
|
||||
/** Avoid redirecting of external links through adminer.org and disclose the URL of installed Adminer to visited links
|
||||
* @link https://www.adminer.org/plugins/#use
|
||||
* @author Jakub Vrana, https://www.vrana.cz/
|
||||
* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
|
||||
* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
|
||||
*/
|
||||
class AdminerLinksDirect {
|
||||
|
||||
function selectLink($val, $field) {
|
||||
if (is_url($val)) {
|
||||
return $val;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
Loading…
Reference in a new issue