diff options
author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-12-22 02:38:09 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2023-01-11 21:51:17 +0100 |
commit | f37dd0dd3a8e48eb0ee59ba6fe53b6ebf92566b1 (patch) | |
tree | 76dfed0e0d06a94fe573e3ad8212de39249775db | |
parent | 6a29695be1b5f7746048d170917a031e190f7287 (diff) | |
download | cgit-f37dd0dd3a8e48eb0ee59ba6fe53b6ebf92566b1.tar.gz cgit-f37dd0dd3a8e48eb0ee59ba6fe53b6ebf92566b1.tar.bz2 cgit-f37dd0dd3a8e48eb0ee59ba6fe53b6ebf92566b1.zip |
html: double escape literal + in URLs
It's unclear whether this is correct or whether my server is double
decoding.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r-- | html.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -17,7 +17,7 @@ static const char* url_escape_table[256] = { "%10", "%11", "%12", "%13", "%14", "%15", "%16", "%17", "%18", "%19", "%1a", "%1b", "%1c", "%1d", "%1e", "%1f", "%20", NULL, "%22", "%23", NULL, "%25", "%26", "%27", - NULL, NULL, NULL, "%2b", NULL, NULL, NULL, NULL, + NULL, NULL, NULL, "%252b", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, "%3c", "%3d", "%3e", "%3f", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, @@ -200,7 +200,7 @@ void html_url_path(const char *txt) while (t && *t) { unsigned char c = *t; const char *e = url_escape_table[c]; - if (e && c != '+' && c != '&') { + if (e && c != '&') { html_raw(txt, t - txt); html(e); txt = t + 1; |