private function _logo()
{
// display Logo, depending on $GLOBALS['cfg']['NavigationDisplayLogo']
if (!$GLOBALS['cfg']['NavigationDisplayLogo']) {
return Template::get('navigation/logo')->render(array('displayLogo' => false));
}
$logo = 'phpMyAdmin';
if (@file_exists($GLOBALS['pmaThemeImage'] . 'logo_left.png')) {
$logo = '<img src="' . $GLOBALS['pmaThemeImage'] . 'logo_left.png" ' . 'alt="' . $logo . '" id="imgpmalogo" />';
} elseif (@file_exists($GLOBALS['pmaThemeImage'] . 'pma_logo2.png')) {
$logo = '<img src="' . $GLOBALS['pmaThemeImage'] . 'pma_logo2.png" ' . 'alt="' . $logo . '" id="imgpmalogo" />';
}
if (!$GLOBALS['cfg']['NavigationLogoLink']) {
return Template::get('navigation/logo')->render(array('displayLogo' => true, 'useLogoLink' => false, 'logo' => $logo));
}
$useLogoLink = true;
$linkAttriks = null;
$logoLink = trim(htmlspecialchars($GLOBALS['cfg']['NavigationLogoLink']));
// prevent XSS, see PMASA-2013-9
// if link has protocol, allow only http and https
if (!Sanitize::checkLink($logoLink, true)) {
$logoLink = 'index.php';
}
switch ($GLOBALS['cfg']['NavigationLogoLinkWindow']) {
case 'new':
$linkAttriks = 'target="_blank" rel="noopener noreferrer"';
break;
case 'main':
// do not add our parameters for an external link
$host = parse_url($GLOBALS['cfg']['NavigationLogoLink'], PHP_URL_HOST);
if (empty($host)) {
$logoLink .= URL::getCommon();
} else {
$linkAttriks = 'target="_blank" rel="noopener noreferrer"';
}
}
return Template::get('navigation/logo')->render(array('displayLogo' => true, 'useLogoLink' => $useLogoLink, 'logoLink' => $logoLink, 'linkAttribs' => $linkAttriks, 'logo' => $logo));
}