ui-shared: use html_url_path() to get properly escaped url in form action

When a repo uses an url with e.g. '#' or '?' characters this needs to be properly escaped when used as action in a form tag. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
16 years ago · 2e884f3162
parent b7f33786ef
commit 2e884f3162
1 changed files with 2 additions and 2 deletions
--- a/ui-shared.c
+++ b/ui-shared.c
@ -649,8 +649,8 @@ void cgit_print_pageheader(struct cgit_context *ctx)
 		html("</td><td class='form'>");
 		html("<form class='right' method='get' action='");
 		if (ctx->cfg.virtual_root)
-			html_attr(cgit_fileurl(ctx->qry.repo, "log",
-					       ctx->qry.path, NULL));
+			html_url_path(cgit_fileurl(ctx->qry.repo, "log",
+						   ctx->qry.path, NULL));
 		html("'>\n");
 		add_hidden_formfields(1, 0, "log");
 		html("<select name='qt'>\n");