ui-shared.c: use html_url_path() in repolink()

This makes sure that reponames and paths are properly escaped when used as urls. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
author: Lars Hjemli <hjemli@gmail.com> 2008-10-05 14:54:44 (UTC)
committer: Lars Hjemli <hjemli@gmail.com> 2008-10-05 14:54:44 (UTC)
commit: 44b208aa44c4cdf7e1e339bbd5b028c23da55a46 (patch) (unidiff)
tree: 74ead4787c7c7507845bfd8504691f07384d1604 /ui-shared.c
parent: 22a597e56dc7fdea78ccbcb7466b45dd62cf7b32 (diff)
download: cgit-44b208aa44c4cdf7e1e339bbd5b028c23da55a46.zip
cgit-44b208aa44c4cdf7e1e339bbd5b028c23da55a46.tar.gz
cgit-44b208aa44c4cdf7e1e339bbd5b028c23da55a46.tar.bz2
1 files changed, 4 insertions, 4 deletions
diff --git a/ui-shared.c b/ui-shared.c
index a2f636c..2eddd2d 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -145,139 +145,139 @@ static void site_url(char *page, char *search, int ofs)
        } else
                html(ctx.cfg.script_name);
        if (page) {
                htmlf("?p=%s", page);
                delim = "&";
        }
        if (search) {
                html(delim);
                html("q=");
                html_attr(search);
                delim = "&";
        }
        if (ofs) {
                html(delim);
                htmlf("ofs=%d", ofs);
        }
 }
 static void site_link(char *page, char *name, char *title, char *class,
                      char *search, int ofs)
 {
        html("<a");
        if (title) {
                html(" title='");
                html_attr(title);
                html("'");
        }
        if (class) {
                html(" class='");
                html_attr(class);
                html("'");
        }
        html(" href='");
        site_url(page, search, ofs);
        html("'>");
        html_txt(name);
        html("</a>");
 }
 void cgit_index_link(char *name, char *title, char *class, char *pattern,
                     int ofs)
 {
        site_link(NULL, name, title, class, pattern, ofs);
 }
 static char *repolink(char *title, char *class, char *page, char *head,
                      char *path)
 {
        char *delim = "?";
        html("<a");
        if (title) {
                html(" title='");
                html_attr(title);
                html("'");
        }
        if (class) {
                html(" class='");
                html_attr(class);
                html("'");
        }
        html(" href='");
        if (ctx.cfg.virtual_root) {
-                html_attr(ctx.cfg.virtual_root);
+                html_url_path(ctx.cfg.virtual_root);
                if (ctx.cfg.virtual_root[strlen(ctx.cfg.virtual_root) - 1] != '/')
                        html("/");
-                html_attr(ctx.repo->url);
+                html_url_path(ctx.repo->url);
                if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')
                        html("/");
                if (page) {
-                        html(page);
+                        html_url_path(page);
                        html("/");
                        if (path)
-                                html_attr(path);
+                                html_url_path(path);
                }
        } else {
                html(ctx.cfg.script_name);
                html("?url=");
                html_url_arg(ctx.repo->url);
                if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')
                        html("/");
                if (page) {
                        html_url_arg(page);
                        html("/");
                        if (path)
                                html_url_arg(path);
                }
                delim = "&amp;";
        }
        if (head && strcmp(head, ctx.repo->defbranch)) {
                html(delim);
                html("h=");
                html_url_arg(head);
                delim = "&amp;";
        }
        return fmt("%s", delim);
 }
 static void reporevlink(char *page, char *name, char *title, char *class,
                        char *head, char *rev, char *path)
 {
        char *delim;
        delim = repolink(title, class, page, head, path);
        if (rev && strcmp(rev, ctx.qry.head)) {
                html(delim);
                html("id=");
                html_url_arg(rev);
        }
        html("'>");
        html_txt(name);
        html("</a>");
 }
 void cgit_tree_link(char *name, char *title, char *class, char *head,
                    char *rev, char *path)
 {
        reporevlink("tree", name, title, class, head, rev, path);
 }
 void cgit_plain_link(char *name, char *title, char *class, char *head,
                     char *rev, char *path)
 {
        reporevlink("plain", name, title, class, head, rev, path);
 }
 void cgit_log_link(char *name, char *title, char *class, char *head,
                   char *rev, char *path, int ofs, char *grep, char *pattern)
 {
        char *delim;
        delim = repolink(title, class, "log", head, path);
        if (rev && strcmp(rev, ctx.qry.head)) {
                html(delim);
                html("id=");
                html_url_arg(rev);
                delim = "&";
        }
author	Lars Hjemli <hjemli@gmail.com>	2008-10-05 14:54:44 (UTC)
committer	Lars Hjemli <hjemli@gmail.com>	2008-10-05 14:54:44 (UTC)
commit	44b208aa44c4cdf7e1e339bbd5b028c23da55a46 (patch) (unidiff)
tree	74ead4787c7c7507845bfd8504691f07384d1604 /ui-shared.c
parent	22a597e56dc7fdea78ccbcb7466b45dd62cf7b32 (diff)
download	cgit-44b208aa44c4cdf7e1e339bbd5b028c23da55a46.zip cgit-44b208aa44c4cdf7e1e339bbd5b028c23da55a46.tar.gz cgit-44b208aa44c4cdf7e1e339bbd5b028c23da55a46.tar.bz2

diff --git a/ui-shared.c b/ui-shared.c index a2f636c..2eddd2d 100644 --- a/ui-shared.c +++ b/ui-shared.c
@@ -145,139 +145,139 @@ static void site_url(char page, char search, int ofs)
145	} else	145	} else
146	html(ctx.cfg.script_name);	146	html(ctx.cfg.script_name);
147		147
148	if (page) {	148	if (page) {
149	htmlf("?p=%s", page);	149	htmlf("?p=%s", page);
150	delim = "&";	150	delim = "&";
151	}	151	}
152	if (search) {	152	if (search) {
153	html(delim);	153	html(delim);
154	html("q=");	154	html("q=");
155	html_attr(search);	155	html_attr(search);
156	delim = "&";	156	delim = "&";
157	}	157	}
158	if (ofs) {	158	if (ofs) {
159	html(delim);	159	html(delim);
160	htmlf("ofs=%d", ofs);	160	htmlf("ofs=%d", ofs);
161	}	161	}
162	}	162	}
163		163
164	static void site_link(char page, char name, char title, char class,	164	static void site_link(char page, char name, char title, char class,
165	char *search, int ofs)	165	char *search, int ofs)
166	{	166	{
167	html("<a");	167	html("<a");
168	if (title) {	168	if (title) {
169	html(" title='");	169	html(" title='");
170	html_attr(title);	170	html_attr(title);
171	html("'");	171	html("'");
172	}	172	}
173	if (class) {	173	if (class) {
174	html(" class='");	174	html(" class='");
175	html_attr(class);	175	html_attr(class);
176	html("'");	176	html("'");
177	}	177	}
178	html(" href='");	178	html(" href='");
179	site_url(page, search, ofs);	179	site_url(page, search, ofs);
180	html("'>");	180	html("'>");
181	html_txt(name);	181	html_txt(name);
182	html("</a>");	182	html("</a>");
183	}	183	}
184		184
185	void cgit_index_link(char name, char title, char class, char pattern,	185	void cgit_index_link(char name, char title, char class, char pattern,
186	int ofs)	186	int ofs)
187	{	187	{
188	site_link(NULL, name, title, class, pattern, ofs);	188	site_link(NULL, name, title, class, pattern, ofs);
189	}	189	}
190		190
191	static char repolink(char title, char class, char page, char *head,	191	static char repolink(char title, char class, char page, char *head,
192	char *path)	192	char *path)
193	{	193	{
194	char *delim = "?";	194	char *delim = "?";
195		195
196	html("<a");	196	html("<a");
197	if (title) {	197	if (title) {
198	html(" title='");	198	html(" title='");
199	html_attr(title);	199	html_attr(title);
200	html("'");	200	html("'");
201	}	201	}
202	if (class) {	202	if (class) {
203	html(" class='");	203	html(" class='");
204	html_attr(class);	204	html_attr(class);
205	html("'");	205	html("'");
206	}	206	}
207	html(" href='");	207	html(" href='");
208	if (ctx.cfg.virtual_root) {	208	if (ctx.cfg.virtual_root) {
209	html_attr(ctx.cfg.virtual_root);	209	html_url_path(ctx.cfg.virtual_root);
210	if (ctx.cfg.virtual_root[strlen(ctx.cfg.virtual_root) - 1] != '/')	210	if (ctx.cfg.virtual_root[strlen(ctx.cfg.virtual_root) - 1] != '/')
211	html("/");	211	html("/");
212	html_attr(ctx.repo->url);	212	html_url_path(ctx.repo->url);
213	if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')	213	if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')
214	html("/");	214	html("/");
215	if (page) {	215	if (page) {
216	html(page);	216	html_url_path(page);
217	html("/");	217	html("/");
218	if (path)	218	if (path)
219	html_attr(path);	219	html_url_path(path);
220	}	220	}
221	} else {	221	} else {
222	html(ctx.cfg.script_name);	222	html(ctx.cfg.script_name);
223	html("?url=");	223	html("?url=");
224	html_url_arg(ctx.repo->url);	224	html_url_arg(ctx.repo->url);
225	if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')	225	if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')
226	html("/");	226	html("/");
227	if (page) {	227	if (page) {
228	html_url_arg(page);	228	html_url_arg(page);
229	html("/");	229	html("/");
230	if (path)	230	if (path)
231	html_url_arg(path);	231	html_url_arg(path);
232	}	232	}
233	delim = "&";	233	delim = "&";
234	}	234	}
235	if (head && strcmp(head, ctx.repo->defbranch)) {	235	if (head && strcmp(head, ctx.repo->defbranch)) {
236	html(delim);	236	html(delim);
237	html("h=");	237	html("h=");
238	html_url_arg(head);	238	html_url_arg(head);
239	delim = "&";	239	delim = "&";
240	}	240	}
241	return fmt("%s", delim);	241	return fmt("%s", delim);
242	}	242	}
243		243
244	static void reporevlink(char page, char name, char title, char class,	244	static void reporevlink(char page, char name, char title, char class,
245	char head, char rev, char *path)	245	char head, char rev, char *path)
246	{	246	{
247	char *delim;	247	char *delim;
248		248
249	delim = repolink(title, class, page, head, path);	249	delim = repolink(title, class, page, head, path);
250	if (rev && strcmp(rev, ctx.qry.head)) {	250	if (rev && strcmp(rev, ctx.qry.head)) {
251	html(delim);	251	html(delim);
252	html("id=");	252	html("id=");
253	html_url_arg(rev);	253	html_url_arg(rev);
254	}	254	}
255	html("'>");	255	html("'>");
256	html_txt(name);	256	html_txt(name);
257	html("</a>");	257	html("</a>");
258	}	258	}
259		259
260	void cgit_tree_link(char name, char title, char class, char head,	260	void cgit_tree_link(char name, char title, char class, char head,
261	char rev, char path)	261	char rev, char path)
262	{	262	{
263	reporevlink("tree", name, title, class, head, rev, path);	263	reporevlink("tree", name, title, class, head, rev, path);
264	}	264	}
265		265
266	void cgit_plain_link(char name, char title, char class, char head,	266	void cgit_plain_link(char name, char title, char class, char head,
267	char rev, char path)	267	char rev, char path)
268	{	268	{
269	reporevlink("plain", name, title, class, head, rev, path);	269	reporevlink("plain", name, title, class, head, rev, path);
270	}	270	}
271		271
272	void cgit_log_link(char name, char title, char class, char head,	272	void cgit_log_link(char name, char title, char class, char head,
273	char rev, char path, int ofs, char grep, char pattern)	273	char rev, char path, int ofs, char grep, char pattern)
274	{	274	{
275	char *delim;	275	char *delim;
276		276
277	delim = repolink(title, class, "log", head, path);	277	delim = repolink(title, class, "log", head, path);
278	if (rev && strcmp(rev, ctx.qry.head)) {	278	if (rev && strcmp(rev, ctx.qry.head)) {
279	html(delim);	279	html(delim);
280	html("id=");	280	html("id=");
281	html_url_arg(rev);	281	html_url_arg(rev);
282	delim = "&";	282	delim = "&";
283	}	283	}