From mboxrd@z Thu Jan 1 00:00:00 1970 From: john at keeping.me.uk (John Keeping) Date: Sun, 12 Jan 2014 19:45:16 +0000 Subject: [PATCH 2/3] ui-shared: URL-escape script_name In-Reply-To: <432e1f40c0d887db602ec9411ae16c45896a54f5.1389555852.git.john@keeping.me.uk> References: <432e1f40c0d887db602ec9411ae16c45896a54f5.1389555852.git.john@keeping.me.uk> Message-ID: <743715d4d544aac87ea7707e47eef6e115f908f5.1389555852.git.john@keeping.me.uk> As far as I know, there is no requirement that $SCRIPT_NAME contain only URL-safe characters, so we need to make sure that any special characters are escaped. Signed-off-by: John Keeping --- ui-shared.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ui-shared.c b/ui-shared.c index 2c12de7..abe15cd 100644 --- a/ui-shared.c +++ b/ui-shared.c @@ -139,7 +139,7 @@ static void site_url(const char *page, const char *search, const char *sort, int if (ctx.cfg.virtual_root) html_attr(ctx.cfg.virtual_root); else - html(ctx.cfg.script_name); + html_url_path(ctx.cfg.script_name); if (page) { htmlf("?p=%s", page); @@ -219,7 +219,7 @@ static char *repolink(const char *title, const char *class, const char *page, html_url_path(path); } } else { - html(ctx.cfg.script_name); + html_url_path(ctx.cfg.script_name); html("?url="); html_url_arg(ctx.repo->url); if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/') -- 1.8.5.226.g0d60d77