diff options
| author | Jason A. Donenfeld | 2016-01-14 14:28:37 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld | 2016-01-14 14:28:37 +0100 |
| commit | 513b3863d999f91b47d7e9f26710390db55f9463 (patch) | |
| tree | f704af1ea3f8da9b3b2904fbe8ed8233278314c6 /html.c | |
| parent | ui-shared: Avoid new line injection into redirect header (diff) | |
| download | cgit-513b3863d999f91b47d7e9f26710390db55f9463.tar.gz cgit-513b3863d999f91b47d7e9f26710390db55f9463.zip | |
ui-shared: prevent malicious filename from injecting headers
Diffstat (limited to 'html.c')
| -rw-r--r-- | html.c | 26 |
1 files changed, 26 insertions, 0 deletions
| diff --git a/html.c b/html.c index 959148c..d89df3a 100644 --- a/html.c +++ b/html.c | |||
| @@ -239,6 +239,32 @@ void html_url_arg(const char *txt) | |||
| 239 | html(txt); | 239 | html(txt); |
| 240 | } | 240 | } |
| 241 | 241 | ||
| 242 | void html_header_arg_in_quotes(const char *txt) | ||
| 243 | { | ||
| 244 | const char *t = txt; | ||
| 245 | while (t && *t) { | ||
| 246 | unsigned char c = *t; | ||
| 247 | const char *e = NULL; | ||
| 248 | if (c == '\\') | ||
| 249 | e = "\\\\"; | ||
| 250 | else if (c == '\r') | ||
| 251 | e = "\\r"; | ||
| 252 | else if (c == '\n') | ||
| 253 | e = "\\n"; | ||
| 254 | else if (c == '"') | ||
| 255 | e = "\\\""; | ||
| 256 | if (e) { | ||
| 257 | html_raw(txt, t - txt); | ||
| 258 | html(e); | ||
| 259 | txt = t + 1; | ||
| 260 | } | ||
| 261 | t++; | ||
| 262 | } | ||
| 263 | if (t != txt) | ||
| 264 | html(txt); | ||
| 265 | |||
| 266 | } | ||
| 267 | |||
| 242 | void html_hidden(const char *name, const char *value) | 268 | void html_hidden(const char *name, const char *value) |
| 243 | { | 269 | { |
| 244 | html("<input type='hidden' name='"); | 270 | html("<input type='hidden' name='"); |