diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-01-14 16:13:39 +0300 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-01-14 16:18:17 +0300 |
commit | 4291453ec30656c2f59645d8a74cf295ce0253a9 (patch) | |
tree | 136f9ba52bb9cfebb9c0ab797661dba3ecaeaba3 /ui-shared.c | |
parent | 4c69241b052f7fa6d4c967bd9bc97c9db92a9572 (diff) |
ui-shared: Avoid new line injection into redirect header
Diffstat (limited to 'ui-shared.c')
-rw-r--r-- | ui-shared.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ui-shared.c b/ui-shared.c index 5b48734..21f581f 100644 --- a/ui-shared.c +++ b/ui-shared.c @@ -709,7 +709,9 @@ void cgit_print_http_headers(void) void cgit_redirect(const char *url, bool permanent) { htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found"); - htmlf("Location: %s\n\n", url); + html("Location: "); + html_url_path(url); + html("\n\n"); exit(0); } |