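/**
 * Callback function for replacing [a@link@target] links in bb code.
 *
 * Only the opening anchor tag is produced. The match is returned untouched
 * when the link fails PMA_checkLink() or when the target contains anything
 * other than letters and underscores.
 *
 * @param array $found Array of preg matches: [0] whole match, [1] link,
 *                     [3] optional target
 *
 * @return string Replaced string
 */
function PMA_replaceBBLink($found)
{
    /* Check for valid link */
    if (!PMA_checkLink($found[1])) {
        return $found[0];
    }

    /* a-z and _ allowed in target (the /i flag also lets A-Z through) */
    $hasTarget = !empty($found[3]);
    if ($hasTarget && preg_match('/[^a-z_]+/i', $found[3])) {
        return $found[0];
    }

    /* Construct target */
    $target = '';
    if ($hasTarget) {
        $target = ' target="' . $found[3] . '"';
        // Browsers match the _blank keyword case-insensitively and the
        // validation above accepts upper-case letters, so compare on the
        // lower-cased value; otherwise "_BLANK" would open a new window
        // without rel. noopener keeps the opened page away from
        // window.opener, noreferrer suppresses the Referer header.
        if (strtolower($found[3]) === '_blank') {
            $target .= ' rel="noopener noreferrer"';
        }
    }

    /* Construct url */
    if (strncmp($found[1], 'http', 4) === 0) {
        $url = PMA_linkURL($found[1]);
    } else {
        // NOTE(review): the link is written into href as-is on this path, so
        // attribute safety relies on PMA_checkLink() and on the pattern that
        // feeds this callback keeping quotes out of $found[1]; confirm both.
        $url = $found[1];
    }

    return '<a href="' . $url . '"' . $target . '>';
}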
/**
 * Does the actual work of each specific transformations plugin.
 *
 * Builds a link from an optional prefix ($options[0]) and the cell value,
 * with $options[1] as title and link text when it is set. A URL rejected by
 * PMA_checkLink() is returned as escaped plain text rather than as a link.
 *
 * @param string $buffer  text to be transformed
 * @param array  $options transformation options
 * @param string $meta    meta information
 *
 * @return string
 */
public function applyTransformation($buffer, $options = array(), $meta = '')
{
    $prefix = isset($options[0]) ? $options[0] : '';
    // A truthy third option means the prefix alone is the URL.
    $suffix = (isset($options[2]) && $options[2]) ? '' : $buffer;
    $url = $prefix . $suffix;

    /* Do not allow javascript links */
    // NOTE(review): the two extra `true` arguments are defined by
    // PMA_checkLink(), which is not part of this listing; confirm their meaning.
    if (!PMA_checkLink($url, true, true)) {
        return htmlspecialchars($url);
    }

    $hasTitle = isset($options[1]);
    $title = $hasTitle ? $options[1] : '';
    $label = $hasTitle ? $options[1] : $buffer;

    // Every value written into the markup is escaped. The link always opens
    // in a new window, so rel="noopener noreferrer" keeps the opened page
    // away from window.opener and suppresses the Referer header.
    $html = '<a href="' . htmlspecialchars($url) . '"';
    $html .= ' title="' . htmlspecialchars($title) . '"';
    $html .= ' target="_blank" rel="noopener noreferrer">';
    $html .= htmlspecialchars($label);
    $html .= '</a>';

    return $html;
}
/**
 * Does the actual work of each specific transformations plugin.
 *
 * Renders the cell value as an image wrapped in a link to the same URL.
 * $options[0] is an optional URL prefix; $options[1] and $options[2] are the
 * image width and height (defaults 100 and 50). A URL rejected by
 * PMA_checkLink() is returned as escaped plain text rather than as markup.
 *
 * @param string $buffer  text to be transformed
 * @param array  $options transformation options
 * @param string $meta    meta information
 *
 * @return string
 */
public function applyTransformation($buffer, $options = array(), $meta = '')
{
    $prefix = isset($options[0]) ? $options[0] : '';
    $url = $prefix . $buffer;

    /* Do not allow javascript links */
    // NOTE(review): the two extra `true` arguments are defined by
    // PMA_checkLink(), which is not part of this listing; confirm their meaning.
    if (!PMA_checkLink($url, true, true)) {
        return htmlspecialchars($url);
    }

    // intval() guarantees that only digits reach the width/height attributes.
    $width = isset($options[1]) ? intval($options[1]) : 100;
    $height = isset($options[2]) ? intval($options[2]) : 50;
    $safeUrl = htmlspecialchars($url);

    // The link opens in a new window; rel="noopener noreferrer" keeps the
    // opened page away from window.opener and suppresses the Referer header.
    $html = '<a href="' . $safeUrl . '" rel="noopener noreferrer" target="_blank">';
    $html .= '<img src="' . $safeUrl . '" border="0" width="' . $width
        . '" height="' . $height . '" />';
    $html .= htmlspecialchars($buffer);
    $html .= '</a>';

    return $html;
}
/**
 * Create the code for displaying the phpMyAdmin
 * logo based on configuration settings
 *
 * Reads NavigationDisplayLogo, NavigationLogoLink and
 * NavigationLogoLinkWindow from $GLOBALS['cfg'] and the theme image path
 * from $GLOBALS['pmaThemeImage'], then renders the navigation/logo template.
 *
 * @return string HTML code for the logo
 */
private function _logo()
{
    $cfg = $GLOBALS['cfg'];

    // display Logo, depending on $GLOBALS['cfg']['NavigationDisplayLogo']
    if (!$cfg['NavigationDisplayLogo']) {
        return Template::get('navigation/logo')->render(
            array('displayLogo' => false)
        );
    }

    // Fall back to the plain product name when the theme ships no logo image.
    $logo = 'phpMyAdmin';
    foreach (array('logo_left.png', 'pma_logo2.png') as $imageName) {
        $imagePath = $GLOBALS['pmaThemeImage'] . $imageName;
        if (@file_exists($imagePath)) {
            $logo = '<img src="' . $imagePath . '" '
                . 'alt="' . $logo . '" id="imgpmalogo" />';
            break;
        }
    }

    if (!$cfg['NavigationLogoLink']) {
        return Template::get('navigation/logo')->render(
            array(
                'displayLogo' => true,
                'useLogoLink' => false,
                'logo'        => $logo,
            )
        );
    }

    $linkAttribs = null;
    $logoLink = trim(htmlspecialchars($cfg['NavigationLogoLink']));

    // prevent XSS, see PMASA-2013-9
    // if link has protocol, allow only http and https
    if (!PMA_checkLink($logoLink, true)) {
        $logoLink = 'index.php';
    }

    // Links that leave the current window get rel="noopener noreferrer" so
    // the opened page cannot reach window.opener and receives no Referer.
    $newWindowAttribs = 'target="_blank" rel="noopener noreferrer"';

    switch ($cfg['NavigationLogoLinkWindow']) {
    case 'new':
        $linkAttribs = $newWindowAttribs;
        break;
    case 'main':
        // do not add our parameters for an external link
        $host = parse_url($cfg['NavigationLogoLink'], PHP_URL_HOST);
        if (empty($host)) {
            $logoLink .= PMA_URL_getCommon();
        } else {
            $linkAttribs = $newWindowAttribs;
        }
        break;
    }

    return Template::get('navigation/logo')->render(
        array(
            'displayLogo' => true,
            'useLogoLink' => true,
            'logoLink'    => $logoLink,
            'linkAttribs' => $linkAttribs,
            'logo'        => $logo,
        )
    );
}
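/**
 * Callback function for replacing [a@link@target] links in bb code.
 *
 * Only the opening anchor tag is produced. The match is returned untouched
 * when the link fails PMA_checkLink() or when the target contains anything
 * other than letters and underscores.
 *
 * @param array $found Array of preg matches: [0] whole match, [1] link,
 *                     [3] optional target
 *
 * @return string Replaced string
 */
function PMA_replaceBBLink($found)
{
    /* Check for valid link */
    if (!PMA_checkLink($found[1])) {
        return $found[0];
    }

    /* a-z and _ allowed in target (the /i flag also lets A-Z through) */
    $hasTarget = !empty($found[3]);
    if ($hasTarget && preg_match('/[^a-z_]+/i', $found[3])) {
        return $found[0];
    }

    /* Construct target */
    $target = '';
    if ($hasTarget) {
        $target = ' target="' . $found[3] . '"';
        // A link opened with target=_blank hands the new page a reference to
        // this window through window.opener unless rel="noopener" is set;
        // noreferrer additionally suppresses the Referer header. Browsers
        // match the keyword case-insensitively, so compare on the lower-cased
        // value.
        if (strtolower($found[3]) === '_blank') {
            $target .= ' rel="noopener noreferrer"';
        }
    }

    /* Construct url */
    if ($GLOBALS['PMA_String']->substr($found[1], 0, 4) == 'http') {
        $url = PMA_linkURL($found[1]);
    } else {
        // NOTE(review): the link is written into href as-is on this path, so
        // attribute safety relies on PMA_checkLink() and on the pattern that
        // feeds this callback keeping quotes out of $found[1]; confirm both.
        $url = $found[1];
    }

    return '<a href="' . $url . '"' . $target . '>';
}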