authorLars Hjemli <hjemli@gmail.com>2008-10-05 17:25:47 (UTC)
committer Lars Hjemli <hjemli@gmail.com>2008-10-05 17:25:47 (UTC)
commit2e884f3162771880a2a5260713d6b7d1aa25bc6f (patch) (unidiff)
tree6d7193cc2ce766ac3d350ba3f2ea20e546ec5344
parentb7f33786ef4b155a11b0324f84bbde5d7fc9c998 (diff)
ui-shared: use html_url_path() to get properly escaped url in form action
When a repo uses a URL containing e.g. '#' or '?' characters, the URL needs to be properly escaped when it is used as the action in a form tag. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--ui-shared.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/ui-shared.c b/ui-shared.c
index f858ab6..1e12529 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -628,50 +628,50 @@ void cgit_print_pageheader(struct cgit_context *ctx)
628 html_include(ctx->cfg.index_info); 628 html_include(ctx->cfg.index_info);
629 } 629 }
630 html("</td></tr></table>\n"); 630 html("</td></tr></table>\n");
631 631
632 html("<table class='tabs'><tr><td>\n"); 632 html("<table class='tabs'><tr><td>\n");
633 if (ctx->repo) { 633 if (ctx->repo) {
634 cgit_summary_link("summary", NULL, NULL, ctx->qry.head); 634 cgit_summary_link("summary", NULL, NULL, ctx->qry.head);
635 cgit_refs_link("refs", NULL, hc(cmd, "refs"), ctx->qry.head, 635 cgit_refs_link("refs", NULL, hc(cmd, "refs"), ctx->qry.head,
636 ctx->qry.sha1, NULL); 636 ctx->qry.sha1, NULL);
637 cgit_log_link("log", NULL, hc(cmd, "log"), ctx->qry.head, 637 cgit_log_link("log", NULL, hc(cmd, "log"), ctx->qry.head,
638 NULL, NULL, 0, NULL, NULL); 638 NULL, NULL, 0, NULL, NULL);
639 cgit_tree_link("tree", NULL, hc(cmd, "tree"), ctx->qry.head, 639 cgit_tree_link("tree", NULL, hc(cmd, "tree"), ctx->qry.head,
640 ctx->qry.sha1, NULL); 640 ctx->qry.sha1, NULL);
641 cgit_commit_link("commit", NULL, hc(cmd, "commit"), 641 cgit_commit_link("commit", NULL, hc(cmd, "commit"),
642 ctx->qry.head, ctx->qry.sha1); 642 ctx->qry.head, ctx->qry.sha1);
643 cgit_diff_link("diff", NULL, hc(cmd, "diff"), ctx->qry.head, 643 cgit_diff_link("diff", NULL, hc(cmd, "diff"), ctx->qry.head,
644 ctx->qry.sha1, ctx->qry.sha2, NULL); 644 ctx->qry.sha1, ctx->qry.sha2, NULL);
645 if (ctx->repo->readme) 645 if (ctx->repo->readme)
646 reporevlink("about", "about", NULL, 646 reporevlink("about", "about", NULL,
647 hc(cmd, "about"), ctx->qry.head, NULL, 647 hc(cmd, "about"), ctx->qry.head, NULL,
648 NULL); 648 NULL);
649 html("</td><td class='form'>"); 649 html("</td><td class='form'>");
650 html("<form class='right' method='get' action='"); 650 html("<form class='right' method='get' action='");
651 if (ctx->cfg.virtual_root) 651 if (ctx->cfg.virtual_root)
652 html_attr(cgit_fileurl(ctx->qry.repo, "log", 652 html_url_path(cgit_fileurl(ctx->qry.repo, "log",
653 ctx->qry.path, NULL)); 653 ctx->qry.path, NULL));
654 html("'>\n"); 654 html("'>\n");
655 add_hidden_formfields(1, 0, "log"); 655 add_hidden_formfields(1, 0, "log");
656 html("<select name='qt'>\n"); 656 html("<select name='qt'>\n");
657 html_option("grep", "log msg", ctx->qry.grep); 657 html_option("grep", "log msg", ctx->qry.grep);
658 html_option("author", "author", ctx->qry.grep); 658 html_option("author", "author", ctx->qry.grep);
659 html_option("committer", "committer", ctx->qry.grep); 659 html_option("committer", "committer", ctx->qry.grep);
660 html("</select>\n"); 660 html("</select>\n");
661 html("<input class='txt' type='text' size='10' name='q' value='"); 661 html("<input class='txt' type='text' size='10' name='q' value='");
662 html_attr(ctx->qry.search); 662 html_attr(ctx->qry.search);
663 html("'/>\n"); 663 html("'/>\n");
664 html("<input type='submit' value='search'/>\n"); 664 html("<input type='submit' value='search'/>\n");
665 html("</form>\n"); 665 html("</form>\n");
666 } else { 666 } else {
667 site_link(NULL, "index", NULL, hc(cmd, "repolist"), NULL, 0); 667 site_link(NULL, "index", NULL, hc(cmd, "repolist"), NULL, 0);
668 if (ctx->cfg.root_readme) 668 if (ctx->cfg.root_readme)
669 site_link("about", "about", NULL, hc(cmd, "about"), 669 site_link("about", "about", NULL, hc(cmd, "about"),
670 NULL, 0); 670 NULL, 0);
671 html("</td><td class='form'>"); 671 html("</td><td class='form'>");
672 html("<form method='get' action='"); 672 html("<form method='get' action='");
673 html_attr(cgit_rooturl()); 673 html_attr(cgit_rooturl());
674 html("'>\n"); 674 html("'>\n");
675 html("<input type='text' name='q' size='10' value='"); 675 html("<input type='text' name='q' size='10' value='");
676 html_attr(ctx->qry.search); 676 html_attr(ctx->qry.search);
677 html("'/>\n"); 677 html("'/>\n");
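Review bot: At new line 652 the form action is written with html_url_path() instead of html_attr(), so the single-quoted `action='…'` attribute now relies entirely on html_url_path() to neutralise HTML-special characters, and ctx->qry.repo and ctx->qry.path look request-derived. html_url_path() is not shown in this hunk; if it percent-encodes only URL delimiters such as '#' and '?', then a `'`, `&` or `<` in the path would reach the attribute unescaped. It is worth confirming that it encodes at least `'` and `"`, and recording that above the call with a comment such as `/* action is single-quoted: html_url_path() must encode ' as well as # and ? */`. The index form at line 673 still uses `html_attr(cgit_rooturl())`; presumably the root URL comes from configuration, but the two branches now escape differently, and a one-line comment there would say why. cgit_print_pageheader() starts before and continues after this hunk.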