diff options
| author | Jason A. Donenfeld | 2016-01-14 14:13:39 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld | 2016-01-14 14:18:17 +0100 |
| commit | 4291453ec30656c2f59645d8a74cf295ce0253a9 (patch) | |
| tree | 136f9ba52bb9cfebb9c0ab797661dba3ecaeaba3 | |
| parent | 4c69241b052f7fa6d4c967bd9bc97c9db92a9572 (diff) | |
| download | cgit-4291453ec30656c2f59645d8a74cf295ce0253a9.tar.gz cgit-4291453ec30656c2f59645d8a74cf295ce0253a9.tar.bz2 cgit-4291453ec30656c2f59645d8a74cf295ce0253a9.zip | |
ui-shared: Avoid new line injection into redirect header
| -rw-r--r-- | ui-shared.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ui-shared.c b/ui-shared.c index 5b48734..21f581f 100644 --- a/ui-shared.c +++ b/ui-shared.c | |||
| @@ -709,7 +709,9 @@ void cgit_print_http_headers(void) | |||
| 709 | void cgit_redirect(const char *url, bool permanent) | 709 | void cgit_redirect(const char *url, bool permanent) |
| 710 | { | 710 | { |
| 711 | htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found"); | 711 | htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found"); |
| 712 | htmlf("Location: %s\n\n", url); | 712 | html("Location: "); |
| 713 | html_url_path(url); | ||
| 714 | html("\n\n"); | ||
| 713 | exit(0); | 715 | exit(0); |
| 714 | } | 716 | } |
| 715 | 717 | ||