PMA\libraries\Sanitize::checkLink PHP Method

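    /**
     * Checks whether a link starts with one of the allowed prefixes.
     *
     * The link is lower-cased and compared against an allowlist of prefixes:
     * https://, a fixed set of relative script paths, and optionally
     * http://, mailto: and ftp://. Only the beginning of the link is
     * inspected; whatever follows the prefix is not validated here, so the
     * caller still has to escape the link for the context it is written into.
     *
     * @param string  $url   Link to check
     * @param boolean $http  Whether http:// links are accepted as well
     * @param boolean $other Whether mailto: and ftp:// links are accepted as well
     *
     * @return boolean True if the link starts with an allowed prefix
     */
    public static function checkLink($url, $http = false, $other = false)
    {
        // A non-string (for example an array) can never be an allowed link;
        // reject it up front instead of handing it to strtolower().
        if (!is_string($url)) {
            return false;
        }
        $url = strtolower($url);
        $in_setup = defined('PMA_SETUP');

        $valid_starts = array(
            'https://',
            './url.php?url=https%3a%2f%2f',
            './doc/html/',
            './index.php?',
            './server_databases.php?',
            './server_status.php?',
            './server_variables.php?',
            './server_privileges.php?',
            './db_structure.php?',
            './db_sql.php?',
            './db_search.php?',
            './db_operations.php?',
            './tbl_structure.php?',
            './tbl_sql.php?',
            './tbl_select.php?',
            './tbl_change.php?',
            './sql.php?',
            './db_events.php?',
            './db_routines.php?',
        );

        // Adjust path to setup script location: './x' becomes '../x'
        if ($in_setup) {
            foreach ($valid_starts as $key => $value) {
                if (strncmp($value, './', 2) === 0) {
                    $valid_starts[$key] = '.' . $value;
                }
            }
        }

        // Optional schemes are added only when the caller asks for them
        if ($other) {
            $valid_starts[] = 'mailto:';
            $valid_starts[] = 'ftp://';
        }
        if ($http) {
            $valid_starts[] = 'http://';
        }
        if ($in_setup) {
            $valid_starts[] = '?page=form&';
            $valid_starts[] = '?page=servers&';
        }

        // Strict, binary-safe prefix comparison; no loose == type juggling
        foreach ($valid_starts as $val) {
            if (strncmp($url, $val, strlen($val)) === 0) {
                return true;
            }
        }
        return false;
    }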

Usage Example

Example #1
 /**
  * Callback that turns a matched [a@link@target] bb code tag into an
  * opening <a> tag.
  *
  * The tag is returned unchanged when the link is rejected by
  * Sanitize::checkLink() or when the target contains anything other
  * than letters and underscores.
  *
  * @param array $found Array of preg matches: [0] is the whole tag,
  *                     [1] the link, [3] the optional target
  *
  * @return string The opening anchor tag, or the original tag text
  */
 public static function replaceBBLink($found)
 {
     $link = $found[1];
     $has_target = !empty($found[3]);

     /* Only links accepted by the prefix allowlist are rewritten */
     if (!Sanitize::checkLink($link)) {
         return $found[0];
     }
     /* The target is written into an attribute, so only a-z and _ pass */
     if ($has_target && preg_match('/[^a-z_]+/i', $found[3])) {
         return $found[0];
     }

     /* Build the target attribute; _blank also gets rel to cut the opener link */
     $target = '';
     if ($has_target) {
         $target = ' target="' . $found[3] . '"';
         if ($found[3] == '_blank') {
             $target .= ' rel="noopener noreferrer"';
         }
     }

     /*
      * Links starting with 'http' go through PMA_linkURL(), all others are
      * used as given.
      * NOTE(review): this comparison is case-sensitive while checkLink()
      * lower-cases its own copy, so a link written with an upper-case
      * scheme passes the check but skips PMA_linkURL() - confirm intended.
      */
     $url = (strncmp($link, 'http', 4) === 0) ? PMA_linkURL($link) : $link;

     /*
      * NOTE(review): $url is placed in href without escaping here; this
      * presumably relies on the caller's pattern excluding quotes or on the
      * text already being HTML-escaped - verify against the caller.
      */
     return '<a href="' . $url . '"' . $target . '>';
 }