ui-shared: use html_url_path() to get properly escaped url in form action
When a repo uses an url with e.g. '#' or '?' characters this needs to be properly escaped when used as action in a form tag. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This commit is contained in:
parent
b7f33786ef
commit
2e884f3162
@ -649,8 +649,8 @@ void cgit_print_pageheader(struct cgit_context *ctx)
|
|||||||
html("</td><td class='form'>");
|
html("</td><td class='form'>");
|
||||||
html("<form class='right' method='get' action='");
|
html("<form class='right' method='get' action='");
|
||||||
if (ctx->cfg.virtual_root)
|
if (ctx->cfg.virtual_root)
|
||||||
html_attr(cgit_fileurl(ctx->qry.repo, "log",
|
html_url_path(cgit_fileurl(ctx->qry.repo, "log",
|
||||||
ctx->qry.path, NULL));
|
ctx->qry.path, NULL));
|
||||||
html("'>\n");
|
html("'>\n");
|
||||||
add_hidden_formfields(1, 0, "log");
|
add_hidden_formfields(1, 0, "log");
|
||||||
html("<select name='qt'>\n");
|
html("<select name='qt'>\n");
|
||||||
|
Loading…
Reference in New Issue
Block a user