neocgit

a more 'modern' version of cgit
Log | Files | Refs | Submodules | README | LICENSE | git clone https://git.ne02ptzero.me/git/neocgit

commit 4291453ec30656c2f59645d8a74cf295ce0253a9
parent 4c69241b052f7fa6d4c967bd9bc97c9db92a9572
Author: Jason A. Donenfeld <Jason@zx2c4.com>
Date:   Thu, 14 Jan 2016 14:13:39 +0100

ui-shared: Avoid new line injection into redirect header

Diffstat:
Mui-shared.c | 4+++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ui-shared.c b/ui-shared.c @@ -709,7 +709,9 @@ void cgit_print_http_headers(void) void cgit_redirect(const char *url, bool permanent) { htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found"); - htmlf("Location: %s\n\n", url); + html("Location: "); + html_url_path(url); + html("\n\n"); exit(0); }