crtxcr/cgitsb
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ui-shared: Avoid new line injection into redirect header

Browse Source
This commit is contained in:
Jason A. Donenfeld 2016-01-14 14:13:39 +01:00
parent 4c69241b05
commit 4291453ec3
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ui-shared.c
View File

@ -709,7 +709,9 @@ void cgit_print_http_headers(void)
void cgit_redirect(const char *url, bool permanent)
{
htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found");
htmlf("Location: %s\n\n", url);
html("Location: ");
html_url_path(url);
html("\n\n");
exit(0);
}