From 9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Mon, 1 Dec 2014 21:51:59 +0530
Subject: [PATCH 1/1] bug #4612 [security] XSS vulnerability in redirection
 mechanism

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
---
 ChangeLog | 3 +++
 url.php   | 6 +++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/url.php b/url.php
index 71efc9f..82b2243 100644
--- a/url.php
+++ b/url.php
@@ -11,6 +11,10 @@
  */
 define('PMA_MINIMUM_COMMON', true);
 require_once './libraries/common.inc.php';
+/**
+ * JavaScript escaping.
+ */
+require_once './libraries/js_escape.lib.php';
 
 if (! PMA_isValid($_GET['url'])
     || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url'])
@@ -24,7 +28,7 @@ if (! PMA_isValid($_GET['url'])
     //  external site.
     echo "<script type='text/javascript'>
             window.onload=function(){
-                window.location='" . htmlspecialchars($_GET['url']) . "';
+                window.location='" . PMA_escapeJsString($_GET['url']) . "';
             }
         </script>";
     // Display redirecting msg on screen.
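Review bot: The value written into `window.location='…'` sits in two contexts at once, a single-quoted JavaScript string and an inline `<script>` element, and nothing at the call site records why JavaScript escaping is needed here. `PMA_escapeJsString()` is defined in `libraries/js_escape.lib.php`, outside this patch, so confirm that it neutralises a `</script` sequence as well as quotes, backslashes and line breaks; the guard's regex `[^\n\r]*` rejects only line breaks, so every other character reaches this line. A comment above the echo such as `// JS string inside <script>: escape for JavaScript; htmlspecialchars() without ENT_QUOTES does not escape '` would keep a later edit from reverting to HTML escaping. The `if` condition and the echoed markup both continue outside the hunk, so whether the URL is printed again in the redirect message, and how it is escaped there, cannot be checked from here.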
-- 
2.1.4

