ui-shared: Avoid new line injection into redirect header

[ps-cgit] / ui-shared.c

diff --git a/ui-shared.c b/ui-shared.c
index 5b487342d7f09e0faca82cbdb195aa8ae076b6aa..21f581f07fbf98feba066796fd3d489dfd5efca7 100644 (file)
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -709,7 +709,9 @@ void cgit_print_http_headers(void)
 void cgit_redirect(const char *url, bool permanent)
 {
        htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found");
-       htmlf("Location: %s\n\n", url);
+       html("Location: ");
+       html_url_path(url);
+       html("\n\n");
        exit(0);
 }