From 4291453ec30656c2f59645d8a74cf295ce0253a9 Mon Sep 17 00:00:00 2001
From: Jason A. Donenfeld
Date: Thu, 14 Jan 2016 14:13:39 +0100
Subject: ui-shared: Avoid new line injection into redirect header

---
 ui-shared.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ui-shared.c b/ui-shared.c
index 5b48734..21f581f 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -709,7 +709,9 @@ void cgit_print_http_headers(void)
 void cgit_redirect(const char *url, bool permanent)
 {
 htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found");
- htmlf("Location: %s\n\n", url);
+ html("Location: ");
+ html_url_path(url);
+ html("\n\n");
 exit(0);
 }

-- 
cgit 1.4.1-21-gabe81
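Review bot: The three added lines in cgit_redirect() carry no comment saying that html_url_path() is what keeps CR/LF in `url` out of the Location header, so a later tidy-up could fold them back into a single `htmlf("Location: %s\n\n", url);` and reintroduce the header injection. I would add above them `/* url can carry request-derived bytes: percent-encode it so CR/LF cannot terminate the Location header */`. html_url_path() is defined outside this hunk, so it is worth confirming that its escape set covers every control byte and not only `\r` and `\n`. Since it is presumably a path encoder, also check that no caller of cgit_redirect() passes a URL whose `?` or `#` has to reach the client unencoded, and state in the function's header comment that `url` is expected to be a path.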