projects
/
project
/
uhttpd.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
cgi: escape url in 403 error output
[project/uhttpd.git]
/
cgi.c
diff --git
a/cgi.c
b/cgi.c
index 0ffb1308c6141b5339a9fa41ac8f64c55f15266b..13a0bc480b633cbfdd2f10565595a2a33dd2367c 100644
(file)
--- a/
cgi.c
+++ b/
cgi.c
@@
-67,11
+67,18
@@
static void cgi_main(struct client *cl, struct path_info *pi, char *url)
static void cgi_handle_request(struct client *cl, char *url, struct path_info *pi)
{
unsigned int mode = S_IFREG | S_IXOTH;
static void cgi_handle_request(struct client *cl, char *url, struct path_info *pi)
{
unsigned int mode = S_IFREG | S_IXOTH;
+ char *escaped_url;
if (!pi->ip && !((pi->stat.st_mode & mode) == mode)) {
if (!pi->ip && !((pi->stat.st_mode & mode) == mode)) {
+ escaped_url = uh_htmlescape(url);
+
uh_client_error(cl, 403, "Forbidden",
"You don't have permission to access %s on this server.",
uh_client_error(cl, 403, "Forbidden",
"You don't have permission to access %s on this server.",
- url);
+ escaped_url ? escaped_url : "the url");
+
+ if (escaped_url)
+ free(escaped_url);
+
return;
}
return;
}