[security] Content spoofing on url.php

Signed-off-by: Marc Delisle <marc@infomarc.info>
phpmyadmin · Oct 20, 2015 · 2b31866 · 2b31866
1 parent 1113ba0
commit 2b31866
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/url.php b/url.php
@@ -32,7 +32,8 @@
             }
         </script>";
     // Display redirecting msg on screen.
-    printf(__('Taking you to %s.'), htmlspecialchars($_GET['url']));
+    // Do not display the value of $_GET['url'] to avoid showing injected content
+    echo __('Taking you to the target site.');
 }
 die();
 ?>