ui-shared: prevent malicious filename from injecting headers

author: Jason A. Donenfeld 2016-01-14 14:28:37 +0100
committer: Jason A. Donenfeld 2016-01-14 14:28:37 +0100
commit: 513b3863d999f91b47d7e9f26710390db55f9463 (patch)
tree: f704af1ea3f8da9b3b2904fbe8ed8233278314c6 /html.c
parent: 4291453ec30656c2f59645d8a74cf295ce0253a9 (diff)
download: cgit-513b3863d999f91b47d7e9f26710390db55f9463.tar.gz
cgit-513b3863d999f91b47d7e9f26710390db55f9463.tar.bz2
cgit-513b3863d999f91b47d7e9f26710390db55f9463.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/html.c b/html.c
index 959148c..d89df3a 100644
--- a/html.c
+++ b/html.c
@@ -239,6 +239,32 @@ void html_url_arg(const char *txt)
                html(txt);
 }
+void html_header_arg_in_quotes(const char *txt)
+{
+        const char *t = txt;
+        while (t && *t) {
+                unsigned char c = *t;
+                const char *e = NULL;
+                if (c == '\\')
+                        e = "\\\\";
+                else if (c == '\r')
+                        e = "\\r";
+                else if (c == '\n')
+                        e = "\\n";
+                else if (c == '"')
+                        e = "\\\"";
+                if (e) {
+                        html_raw(txt, t - txt);
+                        html(e);
+                        txt = t + 1;
+                }
+                t++;
+        }
+        if (t != txt)
+                html(txt);
+}
 void html_hidden(const char *name, const char *value)
 {
        html("<input type='hidden' name='");
author	Jason A. Donenfeld	2016-01-14 14:28:37 +0100
committer	Jason A. Donenfeld	2016-01-14 14:28:37 +0100
commit	513b3863d999f91b47d7e9f26710390db55f9463 (patch)
tree	f704af1ea3f8da9b3b2904fbe8ed8233278314c6 /html.c
parent	4291453ec30656c2f59645d8a74cf295ce0253a9 (diff)
download	cgit-513b3863d999f91b47d7e9f26710390db55f9463.tar.gz cgit-513b3863d999f91b47d7e9f26710390db55f9463.tar.bz2 cgit-513b3863d999f91b47d7e9f26710390db55f9463.zip

diff --git a/html.c b/html.c index 959148c..d89df3a 100644 --- a/html.c +++ b/html.c
@@ -239,6 +239,32 @@ void html_url_arg(const char *txt)
239	html(txt);	239	html(txt);
240	}	240	}
241		241
		242	void html_header_arg_in_quotes(const char *txt)
		243	{
		244	const char *t = txt;
		245	while (t && *t) {
		246	unsigned char c = *t;
		247	const char *e = NULL;
		248	if (c == '\\')
		249	e = "\\\\";
		250	else if (c == '\r')
		251	e = "\\r";
		252	else if (c == '\n')
		253	e = "\\n";
		254	else if (c == '"')
		255	e = "\\\"";
		256	if (e) {
		257	html_raw(txt, t - txt);
		258	html(e);
		259	txt = t + 1;
		260	}
		261	t++;
		262	}
		263	if (t != txt)
		264	html(txt);
		265
		266	}
		267
242	void html_hidden(const char name, const char value)	268	void html_hidden(const char name, const char value)
243	{	269	{
244	html("<input type='hidden' name='");	270	html("<input type='hidden' name='");