author | Lars Hjemli <hjemli@gmail.com> | 2008-10-05 10:49:46 (UTC) |
---|---|---|
committer | Lars Hjemli <hjemli@gmail.com> | 2008-10-05 10:49:46 (UTC) |
commit | a36a0d9dec8a3ba79501d2526d648e44306f0fdd (patch) (side-by-side diff) | |
tree | ab9a6b2a0fc413887fb3fc1ddfd4fce54e26b599 | |
parent | f82b19407dd876e6c02a572615bf34b09f6fa831 (diff) | |
html.c: add html_url_arg
This function can be used to properly escape querystring parameter values.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
-rw-r--r-- | html.c | 16 | ||||
-rw-r--r-- | html.h | 1 |
2 files changed, 17 insertions, 0 deletions
@@ -115,32 +115,48 @@ void html_attr(char *txt)
 if (c=='<' || c=='>' || c=='\'') {
 write(htmlfd, txt, t - txt);
 if (c=='>')
 html(">");
 else if (c=='<')
 html("<");
 else if (c=='\'')
 html(""e;");
 txt = t+1;
 }
 t++;
 }
 if (t!=txt)
 html(txt);
 }
+void html_url_arg(char *txt)
+{
+ char *t = txt;
+ while(t && *t){
+ int c = *t;
+ if (c=='"' || c=='#' || c=='%' || c=='&' || c=='\'' || c=='+' || c=='?') {
+ write(htmlfd, txt, t - txt);
+ write(htmlfd, fmt("%%%2x", c), 3);
+ txt = t+1;
+ }
+ t++;
+ }
+ if (t!=txt)
+ html(txt);
+}
+
 void html_hidden(char *name, char *value)
 {
 html("<input type='hidden' name='");
 html_attr(name);
 html("' value='");
 html_attr(value);
 html("'/>");
 }
 void html_option(char *value, char *text, char *selected_value)
 {
 html("<option value='");
 html_attr(value);
 html("'");
 if (selected_value && !strcmp(selected_value, value))
 html(" selected='selected'");
@@ -1,22 +1,23 @@
 #ifndef HTML_H
 #define HTML_H
 extern int htmlfd;
 extern void html_raw(const char *txt, size_t size);
 extern void html(const char *txt);
 extern void htmlf(const char *format,...);
 extern void html_status(int code, const char *msg, int more_headers);
 extern void html_txt(char *txt);
 extern void html_ntxt(int len, char *txt);
 extern void html_attr(char *txt);
+extern void html_url_arg(char *txt);
 extern void html_hidden(char *name, char *value);
 extern void html_option(char *value, char *text, char *selected_value);
 extern void html_link_open(char *url, char *title, char *class);
 extern void html_link_close(void);
 extern void html_fileperm(unsigned short mode);
 extern int html_include(const char *filename);
 extern int http_parse_querystring(char *txt, void (*fn)(const char *name, const char *value));
 #endif /* HTML_H */ |
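Review bot: The escape test in html_url_arg is a deny-list of seven characters (`"`, `#`, `%`, `&`, `'`, `+`, `?`), so a space, `<`, `>`, `;`, control bytes and every byte at or above 0x80 are written into the URL unchanged. Because the value is meant for a query string that presumably ends up inside a quoted attribute, an allow-list is the safer shape: encode whenever the byte is outside the RFC 3986 unreserved set, `if (!((c>='a' && c<='z') || (c>='A' && c<='Z') || (c>='0' && c<='9') || c=='-' || c=='.' || c=='_' || c=='~')) {`. That change needs the byte read as `unsigned char c = *t;`, since with `int c = *t` and a signed plain char a high byte becomes negative and formats as eight hex digits, of which the fixed `write(..., 3)` emits only the first two. The format should also be `fmt("%%%02x", c)`, because `%2x` pads values below 0x10 with a space rather than a zero.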