projects
/
privoxy.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Add moneybanker.fr as Bronze level sponsor
[privoxy.git]
/
cgi.c
diff --git
a/cgi.c
b/cgi.c
index
cb1f072
..
5d7b702
100644
(file)
--- a/
cgi.c
+++ b/
cgi.c
@@
-7,7
+7,7
@@
* This only contains the framework functions, the
* actual handler functions are declared elsewhere.
*
* This only contains the framework functions, the
* actual handler functions are declared elsewhere.
*
- * Copyright : Written by and Copyright (C) 2001-202
0
+ * Copyright : Written by and Copyright (C) 2001-202
1
* members of the Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* members of the Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
@@
-1199,7
+1199,8
@@
jb_err cgi_error_no_template(const struct client_state *csp,
").</p>\n"
"</body>\n"
"</html>\n";
").</p>\n"
"</body>\n"
"</html>\n";
- const size_t body_size = strlen(body_prefix) + strlen(template_name) + strlen(body_suffix) + 1;
+ size_t body_size = strlen(body_prefix) + strlen(body_suffix) + 1;
+ const char *encoded_template_name;
assert(csp);
assert(rsp);
assert(csp);
assert(rsp);
@@
-1213,9
+1214,17
@@
jb_err cgi_error_no_template(const struct client_state *csp,
rsp->head_length = 0;
rsp->is_static = 0;
rsp->head_length = 0;
rsp->is_static = 0;
+ encoded_template_name = html_encode(template_name);
+ if (encoded_template_name == NULL)
+ {
+ return JB_ERR_MEMORY;
+ }
+
+ body_size += strlen(encoded_template_name);
rsp->body = malloc_or_die(body_size);
strlcpy(rsp->body, body_prefix, body_size);
rsp->body = malloc_or_die(body_size);
strlcpy(rsp->body, body_prefix, body_size);
- strlcat(rsp->body, template_name, body_size);
+ strlcat(rsp->body, encoded_template_name, body_size);
+ freez(encoded_template_name);
strlcat(rsp->body, body_suffix, body_size);
rsp->status = strdup(status);
strlcat(rsp->body, body_suffix, body_size);
rsp->status = strdup(status);