Direct links from HTTPS to HTTP
authorJakub Vrana <jakub@vrana.cz>
Tue, 25 May 2010 09:39:13 +0000 (11:39 +0200)
committerJakub Vrana <jakub@vrana.cz>
Wed, 26 May 2010 16:09:29 +0000 (18:09 +0200)
adminer/include/bootstrap.inc.php
adminer/include/design.inc.php
adminer/include/functions.inc.php
adminer/select.inc.php

index f43fbee9cb78c47b6729836a39b2edb8ccd68864..e8009b90e2ced79b4b81389119f8d23b821ed657 100644 (file)
@@ -24,11 +24,12 @@ include "../adminer/include/functions.inc.php";
 if (!isset($_SERVER["REQUEST_URI"])) {
        $_SERVER["REQUEST_URI"] = $_SERVER["ORIG_PATH_INFO"] . ($_SERVER["QUERY_STRING"] != "" ? "?$_SERVER[QUERY_STRING]" : ""); // IIS 5 compatibility
 }
+$HTTPS = $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off");
 
 @ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled
 if (!ini_bool("session.auto_start")) {
        session_name("adminer_sid"); // use specific session name to get own namespace
-       $params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off"));
+       $params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS);
        if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
                $params[] = true; // HttpOnly
        }
index 5c89085c19a3dd73a52d065289e6cc2b7b23d814..6cb3626faf321af7e8eabff51af586490044043c 100644 (file)
@@ -7,11 +7,11 @@
 * @return null
 */
 function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
-       global $LANG, $VERSION, $adminer, $connection, $drivers;
+       global $LANG, $VERSION, $HTTPS, $adminer, $connection, $drivers;
        header("Content-Type: text/html; charset=utf-8");
        header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox NoScript plugin
        $title_all = $title . ($title2 != "" ? ": " . h($title2) : "");
-       $protocol = ($_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off") ? "https" : "http");
+       $protocol = ($HTTPS ? "https" : "http");
        ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
 <html lang="<?php echo $LANG; ?>">
index 74d1a4c7a9ac7bdc09a0758f6981672a4261a774..ab06932ba63a77559269ecff0278f9610c9fd97a 100644 (file)
@@ -245,13 +245,14 @@ function where_link($i, $column, $value, $operator = "=") {
 * @return bool
 */
 function cookie($name, $value) {
+       global $HTTPS;
        $params = array(
                $name,
                (ereg("\n", $value) ? "" : $value), // HTTP Response Splitting protection in PHP < 5.1.2
                time() + 2592000, // 2592000 - 30 days
                preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]),
                "",
-               $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")
+               $HTTPS
        );
        if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
                $params[] = true; // HttpOnly
@@ -703,11 +704,11 @@ function is_email($email) {
 
 /** Check whether the string is URL address
 * @param string
-* @return bool
+* @return string "http", "https" or ""
 */
 function is_url($string) {
-       $domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // one domain component
-       return preg_match("~^https?://($domain?\\.)+$domain(:[0-9]+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string); //! restrict path, query and fragment characters
+       $domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // one domain component //! IDN
+       return (preg_match("~^(https?)://($domain?\\.)+$domain(:[0-9]+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string, $match) ? strtolower($match[1]) : ""); //! restrict path, query and fragment characters
 }
 
 /** Print header for hidden fieldset (close by </div></fieldset>)
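Review bot: The pattern on L70 still ends in `\$` without the `D` modifier, so PCRE's `$` also matches before a final newline and a value like `"http://example.com\n"` is accepted; now that the scheme is returned and used to build a link in select.inc.php the end anchor should be strict, e.g. `return (preg_match("~^(https?)://($domain?\\.)+$domain(:[0-9]+)?(/.*)?(\\?.*)?(#.*)?\$~iD", $string, $match) ? strtolower($match[1]) : "");`. The `//! restrict path, query and fragment characters` marker remains valid: `(/.*)?(\\?.*)?(#.*)?` admits any non-newline byte, so every caller must still escape the value for its output context. The docblock on L64 could add that `""` is the failure value so existing `if (is_url(...))` callers keep working; the cookie() hunk at L47-L55 only consumes `$HTTPS` and raises nothing new.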
index eed76f9402c1a51bf2a28473ef0f1bbe99d584a4..2380fa26400d262b084dd9973f86450f60cf7958 100644 (file)
@@ -315,11 +315,16 @@ if (!$columns) {
                                                                }
                                                        }
                                                }
-                                               if (!$link && is_email($val)) {
-                                                       $link = "mailto:$val";
-                                               }
-                                               if (!$link && is_url($row[$key])) {
-                                                       $link = "http://www.adminer.org/redirect/?url=" . urlencode($row[$key]); // intermediate page to hide Referer, may be changed to rel="noreferrer" in HTML5
+                                               if (!$link) {
+                                                       if (is_email($val)) {
+                                                               $link = "mailto:$val";
+                                                       }
+                                                       if ($protocol = is_url($row[$key])) {
+                                                               $link = ($protocol == "http" && $HTTPS
+                                                                       ? $row[$key] // HTTP links from HTTPS pages don't receive Referer automatically
+                                                                       : "$protocol://www.adminer.org/redirect/?url=" . urlencode($row[$key]) // intermediate page to hide Referer, may be changed to rel="noreferrer" in HTML5
+                                                               );
+                                                       }
                                                }
                                                $id = h("val[$unique_idf][" . bracket_escape($key) . "]");
                                                $value = $_POST["val"][$unique_idf][bracket_escape($key)];
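Review bot: The new branch on L89-L90 assigns `$row[$key]` to `$link` unmodified on the strength of the HTTP/1.1 rule that clients should not send a Referer from a secure page to an insecure one; RFC 2616 §15.1.3 states that as a SHOULD, not a guarantee, and the comment on L90 reads as if it were automatic. A comment naming the assumption would help, e.g. `// RFC 2616 15.1.3: clients SHOULD NOT send Referer from HTTPS to HTTP, so the intermediate page is skipped`. Since is_url() admits any non-newline byte in the path, query and fragment, the raw value must still be escaped where `$link` is written into the href, which is outside this hunk (presumably via h(); confirm). The enclosing loop and conditionals begin before L76 and continue past L96, and `$HTTPS` is used here as a plain variable, which only works while select.inc.php is included at global scope.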