diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-01-14 14:13:39 +0100 | 
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2016-01-14 14:18:17 +0100 | 
| commit | 4291453ec30656c2f59645d8a74cf295ce0253a9 (patch) | |
| tree | 136f9ba52bb9cfebb9c0ab797661dba3ecaeaba3 | |
| parent | 4c69241b052f7fa6d4c967bd9bc97c9db92a9572 (diff) | |
ui-shared: Avoid new line injection into redirect header
| -rw-r--r-- | ui-shared.c | 4 | 
1 files changed, 3 insertions, 1 deletions
| diff --git a/ui-shared.c b/ui-shared.c index 5b48734..21f581f 100644 --- a/ui-shared.c +++ b/ui-shared.c @@ -709,7 +709,9 @@ void cgit_print_http_headers(void)  void cgit_redirect(const char *url, bool permanent)  {  	htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found"); -	htmlf("Location: %s\n\n", url); +	html("Location: "); +	html_url_path(url); +	html("\n\n");  	exit(0);  } | 
