Merge branch 'lh/escape-urls'

* lh/escape-urls:
  ui-shared.c: use html_url_arg()
  html.c: add html_url_arg

6 files changed, 53 insertions, 11 deletions

diff --git a/html.c b/html.c
index 36e9a2f..167127f 100644
--- a/html.c
+++ b/html.c
@@ -125,12 +125,28 @@ void html_attr(char *txt)
                 t++;
         }
         if (t!=txt)
                 html(txt);
 }
 
+void html_url_arg(char *txt)
+{
+        char *t = txt;
+        while(t && *t){
+                int c = *t;
+                if (c=='"' || c=='#' || c=='%' || c=='&' || c=='\'' || c=='+' || c=='?') {
+                        write(htmlfd, txt, t - txt);
+                        write(htmlfd, fmt("%%%2x", c), 3);
+                        txt = t+1;
+                }
+                t++;
+        }
+        if (t!=txt)
+                html(txt);
+}
+
 void html_hidden(char *name, char *value)
 {
         html("<input type='hidden' name='");
         html_attr(name);
         html("' value='");
         html_attr(value);
diff --git a/html.h b/html.h
index 3c32935..038cf60 100644
--- a/html.h
+++ b/html.h
@@ -7,12 +7,13 @@ extern void html_raw(const char *txt, size_t size);
 extern void html(const char *txt);
 extern void htmlf(const char *format,...);
 extern void html_status(int code, const char *msg, int more_headers);
 extern void html_txt(char *txt);
 extern void html_ntxt(int len, char *txt);
 extern void html_attr(char *txt);
+extern void html_url_arg(char *txt);
 extern void html_hidden(char *name, char *value);
 extern void html_option(char *value, char *text, char *selected_value);
 extern void html_link_open(char *url, char *title, char *class);
 extern void html_link_close(void);
 extern void html_fileperm(unsigned short mode);
 extern int html_include(const char *filename);
diff --git a/tests/setup.sh b/tests/setup.sh
index e37306e..1457dd5 100755
--- a/tests/setup.sh
+++ b/tests/setup.sh
@@ -28,21 +28,29 @@ mkrepo() {
         for ((n=1; n<=count; n++))
         do
                 echo $n >file-$n
                 git add file-$n
                 git commit -m "commit $n"
         done
+        if test "$3" = "testplus"
+        then
+                echo "hello" >a+b
+                git add a+b
+                git commit -m "add a+b"
+                git branch "1+2"
+        fi
         cd $dir
 }
 
 setup_repos()
 {
         rm -rf trash/cache
         mkdir -p trash/cache
         mkrepo trash/repos/foo 5 >/dev/null
         mkrepo trash/repos/bar 50 >/dev/null
+        mkrepo trash/repos/foo+bar 10 testplus >/dev/null
         cat >trash/cgitrc <<EOF
 virtual-root=/
 cache-root=$PWD/trash/cache
 
 cache-size=1021
 snapshots=tar.gz tar.bz zip
@@ -58,12 +66,16 @@ repo.path=$PWD/trash/repos/foo/.git
 # the constant value "[no description]" (which actually used to cause a
 # segfault).
 
 repo.url=bar
 repo.path=$PWD/trash/repos/bar/.git
 repo.desc=the bar repo
+
+repo.url=foo+bar
+repo.path=$PWD/trash/repos/foo+bar/.git
+repo.desc=the foo+bar repo
 EOF
 }
 
 prepare_tests()
 {
         setup_repos
@@ -110,7 +122,6 @@ cgit_query()
 }
 
 cgit_url()
 {
         CGIT_CONFIG="$PWD/trash/cgitrc" QUERY_STRING="url=$1" "$PWD/../cgit"
 }
-
diff --git a/tests/t0101-index.sh b/tests/t0101-index.sh
index 445af6a..07e39f9 100755
--- a/tests/t0101-index.sh
+++ b/tests/t0101-index.sh
@@ -6,10 +6,12 @@ prepare_tests "Check content on index page"
 
 run_test 'generate index page' 'cgit_url "" >trash/tmp'
 run_test 'find foo repo' 'grep -e "foo" trash/tmp'
 run_test 'find foo description' 'grep -e "\[no description\]" trash/tmp'
 run_test 'find bar repo' 'grep -e "bar" trash/tmp'
 run_test 'find bar description' 'grep -e "the bar repo" trash/tmp'
+run_test 'find foo+bar repo' 'grep -e ">foo+bar<" trash/tmp'
+run_test 'verify foo+bar link' 'grep -e "/foo+bar/" trash/tmp'
 run_test 'no tree-link' '! grep -e "foo/tree" trash/tmp'
 run_test 'no log-link' '! grep -e "foo/log" trash/tmp'
 
 tests_done
diff --git a/tests/t0104-tree.sh b/tests/t0104-tree.sh
index 2516c72..0d62cc8 100755
--- a/tests/t0104-tree.sh
+++ b/tests/t0104-tree.sh
@@ -15,7 +15,19 @@ run_test 'find line 1' '
 '
 
 run_test 'no line 2' '
         grep -e "<a id=.n2. name=.n2. href=.#n2.>2</a>" trash/tmp
 '
 
+run_test 'generate foo+bar/tree' 'cgit_url "foo%2bbar/tree" >trash/tmp'
+
+run_test 'verify a+b link' '
+        grep -e "/foo+bar/tree/a+b" trash/tmp
+'
+
+run_test 'generate foo+bar/tree?h=1+2' 'cgit_url "foo%2bbar/tree&h=1%2b2" >trash/tmp'
+
+run_test 'verify a+b?h=1+2 link' '
+        grep -e "/foo+bar/tree/a+b?h=1%2b2" trash/tmp
+'
+
 tests_done
diff --git a/ui-shared.c b/ui-shared.c
index c23bc75..a2f636c 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -218,27 +218,27 @@ static char *repolink(char *title, char *class, char *page, char *head,
                         if (path)
                                 html_attr(path);
                 }
         } else {
                 html(ctx.cfg.script_name);
                 html("?url=");
-                html_attr(ctx.repo->url);
+                html_url_arg(ctx.repo->url);
                 if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')
                         html("/");
                 if (page) {
-                        html(page);
+                        html_url_arg(page);
                         html("/");
                         if (path)
-                                html_attr(path);
+                                html_url_arg(path);
                 }
                 delim = "&amp;";
         }
         if (head && strcmp(head, ctx.repo->defbranch)) {
                 html(delim);
                 html("h=");
-                html_attr(head);
+                html_url_arg(head);
                 delim = "&amp;";
         }
         return fmt("%s", delim);
 }
 
 static void reporevlink(char *page, char *name, char *title, char *class,
@@ -247,13 +247,13 @@ static void reporevlink(char *page, char *name, char *title, char *class,
         char *delim;
 
         delim = repolink(title, class, page, head, path);
         if (rev && strcmp(rev, ctx.qry.head)) {
                 html(delim);
                 html("id=");
-                html_attr(rev);
+                html_url_arg(rev);
         }
         html("'>");
         html_txt(name);
         html("</a>");
 }
 
@@ -275,23 +275,23 @@ void cgit_log_link(char *name, char *title, char *class, char *head,
         char *delim;
 
         delim = repolink(title, class, "log", head, path);
         if (rev && strcmp(rev, ctx.qry.head)) {
                 html(delim);
                 html("id=");
-                html_attr(rev);
+                html_url_arg(rev);
                 delim = "&";
         }
         if (grep && pattern) {
                 html(delim);
                 html("qt=");
-                html_attr(grep);
+                html_url_arg(grep);
                 delim = "&";
                 html(delim);
                 html("q=");
-                html_attr(pattern);
+                html_url_arg(pattern);
         }
         if (ofs > 0) {
                 html(delim);
                 html("ofs=");
                 htmlf("%d", ofs);
         }
@@ -330,19 +330,19 @@ void cgit_diff_link(char *name, char *title, char *class, char *head,
         char *delim;
 
         delim = repolink(title, class, "diff", head, path);
         if (new_rev && strcmp(new_rev, ctx.qry.head)) {
                 html(delim);
                 html("id=");
-                html_attr(new_rev);
+                html_url_arg(new_rev);
                 delim = "&amp;";
         }
         if (old_rev) {
                 html(delim);
                 html("id2=");
-                html_attr(old_rev);
+                html_url_arg(old_rev);
         }
         html("'>");
         html_txt(name);
         html("</a>");
 }