ui-shared: Avoid new line injection into redirect header

This commit is contained in:
Jason A. Donenfeld 2016-01-14 14:13:39 +01:00
parent 4c69241b05
commit 4291453ec3

View File

@ -709,7 +709,9 @@ void cgit_print_http_headers(void)
void cgit_redirect(const char *url, bool permanent) void cgit_redirect(const char *url, bool permanent)
{ {
htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found"); htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found");
htmlf("Location: %s\n\n", url); html("Location: ");
html_url_path(url);
html("\n\n");
exit(0); exit(0);
} }