From 4291453ec30656c2f59645d8a74cf295ce0253a9 Mon Sep 17 00:00:00 2001
From: Jason A. Donenfeld
Date: Thu, 14 Jan 2016 14:13:39 +0100
Subject: ui-shared: Avoid new line injection into redirect header

---
 ui-shared.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ui-shared.c b/ui-shared.c
index 5b48734..21f581f 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -709,7 +709,9 @@ void cgit_print_http_headers(void)
 void cgit_redirect(const char *url, bool permanent)
 {
 	htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found");
-	htmlf("Location: %s\n\n", url);
+	html("Location: ");
+	html_url_path(url);
+	html("\n\n");
 	exit(0);
 }
 
-- 
cgit 1.4.1-21-gabe81