1
0
mirror of https://gitea.quitesimple.org/crtxcr/cgitsb synced 2024-11-23 08:32:09 +01:00

ui-shared: URL-escape script_name

As far as I know, there is no requirement that $SCRIPT_NAME contain only
URL-safe characters, so we need to make sure that any special characters
are escaped.

Signed-off-by: John Keeping <john@keeping.me.uk>
This commit is contained in:
John Keeping 2014-01-12 19:45:16 +00:00 committed by Jason A. Donenfeld
parent d1a6ece439
commit a45030f8ee

@ -139,7 +139,7 @@ static void site_url(const char *page, const char *search, const char *sort, int
if (ctx.cfg.virtual_root)
html_attr(ctx.cfg.virtual_root);
else
html(ctx.cfg.script_name);
html_url_path(ctx.cfg.script_name);
if (page) {
htmlf("?p=%s", page);
@ -219,7 +219,7 @@ static char *repolink(const char *title, const char *class, const char *page,
html_url_path(path);
}
} else {
html(ctx.cfg.script_name);
html_url_path(ctx.cfg.script_name);
html("?url=");
html_url_arg(ctx.repo->url);
if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')