ui-shared: Avoid new line injection into redirect header

ui-shared.c

@@ -709,7 +709,9 @@ void cgit_print_http_headers(void)
 void cgit_redirect(const char *url, bool permanent)
 {
 	htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found");
-	htmlf("Location: %s\n\n", url);
+	html("Location: ");
+	html_url_path(url);
+	html("\n\n");
 	exit(0);
 }