| author | Lars Hjemli <hjemli@gmail.com> | 2008-10-05 17:25:47 (UTC) |
|---|---|---|
| committer | Lars Hjemli <hjemli@gmail.com> | 2008-10-05 17:25:47 (UTC) |
| commit | 2e884f3162771880a2a5260713d6b7d1aa25bc6f (patch) (side-by-side diff) | |
| tree | 6d7193cc2ce766ac3d350ba3f2ea20e546ec5344 /ui-shared.c | |
| parent | b7f33786ef4b155a11b0324f84bbde5d7fc9c998 (diff) | |
| download | cgit-2e884f3162771880a2a5260713d6b7d1aa25bc6f.zip cgit-2e884f3162771880a2a5260713d6b7d1aa25bc6f.tar.gz cgit-2e884f3162771880a2a5260713d6b7d1aa25bc6f.tar.bz2 | |
ui-shared: use html_url_path() to get properly escaped url in form action
When a repo uses an url with e.g. '#' or '?' characters this needs to be
properly escaped when used as action in a form tag.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | ui-shared.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ui-shared.c b/ui-shared.c index f858ab6..1e12529 100644 --- a/ui-shared.c +++ b/ui-shared.c @@ -604,98 +604,98 @@ void cgit_print_pageheader(struct cgit_context *ctx) cgit_index_link("index", NULL, NULL, NULL, 0); html(" : "); cgit_summary_link(ctx->repo->name, ctx->repo->name, NULL, NULL); html("</td><td class='form'>"); html("<form method='get' action=''>\n"); add_hidden_formfields(0, 1, ctx->qry.page); html("<select name='h' onchange='this.form.submit();'>\n"); for_each_branch_ref(print_branch_option, ctx->qry.head); html("</select> "); html("<input type='submit' name='' value='switch'/>"); html("</form>"); } else html_txt(ctx->cfg.root_title); html("</td></tr>\n"); html("<tr><td class='sub'>"); if (ctx->repo) { html_txt(ctx->repo->desc); html("</td><td class='sub right'>"); html_txt(ctx->repo->owner); } else { if (ctx->cfg.root_desc) html_txt(ctx->cfg.root_desc); else if (ctx->cfg.index_info) html_include(ctx->cfg.index_info); } html("</td></tr></table>\n"); html("<table class='tabs'><tr><td>\n"); if (ctx->repo) { cgit_summary_link("summary", NULL, NULL, ctx->qry.head); cgit_refs_link("refs", NULL, hc(cmd, "refs"), ctx->qry.head, ctx->qry.sha1, NULL); cgit_log_link("log", NULL, hc(cmd, "log"), ctx->qry.head, NULL, NULL, 0, NULL, NULL); cgit_tree_link("tree", NULL, hc(cmd, "tree"), ctx->qry.head, ctx->qry.sha1, NULL); cgit_commit_link("commit", NULL, hc(cmd, "commit"), ctx->qry.head, ctx->qry.sha1); cgit_diff_link("diff", NULL, hc(cmd, "diff"), ctx->qry.head, ctx->qry.sha1, ctx->qry.sha2, NULL); if (ctx->repo->readme) reporevlink("about", "about", NULL, hc(cmd, "about"), ctx->qry.head, NULL, NULL); html("</td><td class='form'>"); html("<form class='right' method='get' action='"); if (ctx->cfg.virtual_root) - html_attr(cgit_fileurl(ctx->qry.repo, "log", - ctx->qry.path, NULL)); + html_url_path(cgit_fileurl(ctx->qry.repo, "log", + ctx->qry.path, NULL)); html("'>\n"); add_hidden_formfields(1, 0, "log"); html("<select name='qt'>\n"); html_option("grep", "log msg", ctx->qry.grep); html_option("author", "author", ctx->qry.grep); html_option("committer", "committer", ctx->qry.grep); html("</select>\n"); html("<input class='txt' type='text' size='10' name='q' value='"); html_attr(ctx->qry.search); html("'/>\n"); html("<input type='submit' value='search'/>\n"); html("</form>\n"); } else { site_link(NULL, "index", NULL, hc(cmd, "repolist"), NULL, 0); if (ctx->cfg.root_readme) site_link("about", "about", NULL, hc(cmd, "about"), NULL, 0); html("</td><td class='form'>"); html("<form method='get' action='"); html_attr(cgit_rooturl()); html("'>\n"); html("<input type='text' name='q' size='10' value='"); html_attr(ctx->qry.search); html("'/>\n"); html("<input type='submit' value='search'/>\n"); html("</form>"); } html("</td></tr></table>\n"); html("<div class='content'>"); } void cgit_print_filemode(unsigned short mode) { if (S_ISDIR(mode)) html("d"); else if (S_ISLNK(mode)) html("l"); else if (S_ISGITLINK(mode)) html("m"); else html("-"); html_fileperm(mode >> 6); html_fileperm(mode >> 3); html_fileperm(mode); } void cgit_print_snapshot_links(const char *repo, const char *head, const char *hex, int snapshots) |