author Jason A. Donenfeld <Jason@zx2c4.com> 2016-01-14 14:13:39 +0100
committer Jason A. Donenfeld <Jason@zx2c4.com> 2016-01-14 14:18:17 +0100
commit 4291453ec30656c2f59645d8a74cf295ce0253a9
tree 136f9ba52bb9cfebb9c0ab797661dba3ecaeaba3
parent Fix missing prototype declarations
ui-shared: Avoid new line injection into redirect header
-rw-r--r-- ui-shared.c 4
1 files changed, 3 insertions, 1 deletions
diff --git a/ui-shared.c b/ui-shared.c
index 5b48734..21f581f 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -709,7 +709,9 @@ void cgit_print_http_headers(void)
 void cgit_redirect(const char *url, bool permanent)
 {
 	htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found");
-	htmlf("Location: %s\n\n", url);
+	html("Location: ");
+	html_url_path(url);
+	html("\n\n");
 	exit(0);
 }
 
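Review bot: In cgit_redirect, the Location value now passes through html_url_path, whose name indicates a path encoder, while the parameter is a whole url; please confirm that callers passing a query string or an absolute URL still get a usable redirect after encoding, or state in the function which form url must take. A one-line comment above the html_url_path(url) call saying that the encoding exists to keep new line characters out of the header would also guard against a later refactor back to the single htmlf call with %s. The commit message has no body, so naming the source of the untrusted url there would help reviewers judge whether other header-writing paths need the same treatment.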