Commit cc928b7b authored by Russ Cox's avatar Russ Cox

http: fix text displayed in Redirect

In the case where r.Method == "POST", was
calling Printf with an argument but "" format string,
causing a spurious %!EXTRA(...) message.

Also escape string properly in HTML generation.

R=r
CC=golang-dev
https://golang.org/cl/3923043
parent 3a43ff1a
...@@ -452,18 +452,7 @@ func NotFoundHandler() Handler { return HandlerFunc(NotFound) } ...@@ -452,18 +452,7 @@ func NotFoundHandler() Handler { return HandlerFunc(NotFound) }
// Redirect replies to the request with a redirect to url, // Redirect replies to the request with a redirect to url,
// which may be a path relative to the request path. // which may be a path relative to the request path.
func Redirect(w ResponseWriter, r *Request, url string, code int) { func Redirect(w ResponseWriter, r *Request, url string, code int) {
// RFC2616 recommends that a short note "SHOULD" be included in the if u, err := ParseURL(url); err == nil {
// response because older user agents may not understand 301/307.
note := "<a href=\"%v\">" + statusText[code] + "</a>.\n"
if r.Method == "POST" {
note = ""
}
u, err := ParseURL(url)
if err != nil {
goto finish
}
// If url was relative, make absolute by // If url was relative, make absolute by
// combining with request path. // combining with request path.
// The browser would probably do this for us, // The browser would probably do this for us,
...@@ -499,11 +488,27 @@ func Redirect(w ResponseWriter, r *Request, url string, code int) { ...@@ -499,11 +488,27 @@ func Redirect(w ResponseWriter, r *Request, url string, code int) {
url += "/" url += "/"
} }
} }
}
finish:
w.SetHeader("Location", url) w.SetHeader("Location", url)
w.WriteHeader(code) w.WriteHeader(code)
fmt.Fprintf(w, note, url)
// RFC2616 recommends that a short note "SHOULD" be included in the
// response because older user agents may not understand 301/307.
note := "<a href=\"" + htmlEscape(url) + "\">" + statusText[code] + "</a>.\n"
if r.Method == "POST" {
note = ""
}
fmt.Fprintln(w, note)
}
func htmlEscape(s string) string {
s = strings.Replace(s, "&", "&amp;", -1)
s = strings.Replace(s, "<", "&lt;", -1)
s = strings.Replace(s, ">", "&gt;", -1)
s = strings.Replace(s, "\"", "&quot;", -1)
s = strings.Replace(s, "'", "&apos;", -1)
return s
} }
// Redirect to a fixed URL // Redirect to a fixed URL
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment