about summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorJohn Keeping2014-01-12 19:45:16 +0000
committerJason A. Donenfeld2014-01-12 23:02:19 +0100
commita45030f8ee10bc97ffcf1bf0061a2e6f22c7252a (patch)
treea4e955fdb42b6f6dd2b2015977c99daa031dbf52
parentui-refs: escape HTML chars in author and tagger names (diff)
downloadcgit-a45030f8ee10bc97ffcf1bf0061a2e6f22c7252a.tar.gz
cgit-a45030f8ee10bc97ffcf1bf0061a2e6f22c7252a.zip
ui-shared: URL-escape script_name
As far as I know, there is no requirement that $SCRIPT_NAME contain only
URL-safe characters, so we need to make sure that any special characters
are escaped.

Signed-off-by: John Keeping <john@keeping.me.uk>
-rw-r--r--ui-shared.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/ui-shared.c b/ui-shared.c index 2c12de7..abe15cd 100644 --- a/ui-shared.c +++ b/ui-shared.c
@@ -139,7 +139,7 @@ static void site_url(const char *page, const char *search, const char *sort, int
139 if (ctx.cfg.virtual_root) 139 if (ctx.cfg.virtual_root)
140 html_attr(ctx.cfg.virtual_root); 140 html_attr(ctx.cfg.virtual_root);
141 else 141 else
142 html(ctx.cfg.script_name); 142 html_url_path(ctx.cfg.script_name);
143 143
144 if (page) { 144 if (page) {
145 htmlf("?p=%s", page); 145 htmlf("?p=%s", page);
@@ -219,7 +219,7 @@ static char *repolink(const char *title, const char *class, const char *page,
219 html_url_path(path); 219 html_url_path(path);
220 } 220 }
221 } else { 221 } else {
222 html(ctx.cfg.script_name); 222 html_url_path(ctx.cfg.script_name);
223 html("?url="); 223 html("?url=");
224 html_url_arg(ctx.repo->url); 224 html_url_arg(ctx.repo->url);
225 if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/') 225 if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')