ui-shared: Avoid new line injection into redirect header

[ps-cgit] / ui-shared.c

diff --git a/ui-shared.c b/ui-shared.c
index 48358cc04170df515e23f3a07af6111f0bab7f35..21f581f07fbf98feba066796fd3d489dfd5efca7 100644 (file)
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -709,7 +709,9 @@ void cgit_print_http_headers(void)
 void cgit_redirect(const char *url, bool permanent)
 {
        htmlf("Status: %d %s\n", permanent ? 301 : 302, permanent ? "Moved" : "Found");
-       htmlf("Location: %s\n\n", url);
+       html("Location: ");
+       html_url_path(url);
+       html("\n\n");
        exit(0);
 }
 
@@ -889,6 +891,9 @@ void cgit_add_hidden_formfields(int incl_head, int incl_search,
 
 static const char *hc(const char *page)
 {
+       if (!ctx.qry.page)
+               return NULL;
+
        return strcmp(ctx.qry.page, page) ? NULL : "active";
 }