ui-shared: Avoid new line injection into redirect header
authorJason A. Donenfeld <Jason@zx2c4.com>
Thu, 14 Jan 2016 13:13:39 +0000 (14:13 +0100)
committerJason A. Donenfeld <Jason@zx2c4.com>
Thu, 14 Jan 2016 13:18:17 +0000 (14:18 +0100)
ui-shared.c

index 5b487342d7f09e0faca82cbdb195aa8ae076b6aa..21f581f07fbf98feba066796fd3d489dfd5efca7 100644 (file)
@@ -709,7 +709,9 @@ void cgit_print_http_headers(void)
 void cgit_redirect(const char *url, bool permanent)
 {
        htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found");
-       htmlf("Location: %s\n\n", url);
+       html("Location: ");
+       html_url_path(url);
+       html("\n\n");
        exit(0);
 }
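Review bot: Escaping the whole of `url` with a path escaper in `cgit_redirect` may corrupt redirect targets that carry a query string or fragment. `html_url_path` is defined outside this hunk, so it is not visible here whether it percent-encodes `?`, `#` or `=`; if it does, callers that pass such a URL would redirect to a different resource. It is worth confirming that every caller passes a path-only URL, or splitting the value and escaping path and query separately. The reason for the escaping also deserves a comment above the three calls, for example `/* url may contain request-derived text; escape it so CR/LF cannot end the Location header early */`, so a later cleanup does not fold them back into a single `htmlf("Location: %s\n\n", url)`.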