diff options
author | Jason A. Donenfeld | 2016-01-14 14:13:39 +0100 |
---|---|---|
committer | Jason A. Donenfeld | 2016-01-14 14:18:17 +0100 |
commit | 4291453ec30656c2f59645d8a74cf295ce0253a9 (patch) | |
tree | 136f9ba52bb9cfebb9c0ab797661dba3ecaeaba3 | |
parent | Fix missing prototype declarations (diff) | |
download | cgit-4291453ec30656c2f59645d8a74cf295ce0253a9.tar.gz cgit-4291453ec30656c2f59645d8a74cf295ce0253a9.zip |
ui-shared: Avoid new line injection into redirect header
-rw-r--r-- | ui-shared.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ui-shared.c b/ui-shared.c index 5b48734..21f581f 100644 --- a/ui-shared.c +++ b/ui-shared.c | |||
@@ -709,7 +709,9 @@ void cgit_print_http_headers(void) | |||
709 | void cgit_redirect(const char *url, bool permanent) | 709 | void cgit_redirect(const char *url, bool permanent) |
710 | { | 710 | { |
711 | htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found"); | 711 | htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found"); |
712 | htmlf("Location: %s\n\n", url); | 712 | html("Location: "); |
713 | html_url_path(url); | ||
714 | html("\n\n"); | ||
713 | exit(0); | 715 | exit(0); |
714 | } | 716 | } |
715 | 717 | ||