{
FILE *fp;
char *upwd;
+ char *htcldir; /* HTML-clean dir name */
char *htclfile; /* HTML-clean file name */
char *urlclfile; /* URL-clean file name */
}
else
upwd = xstrdup ("");
+
+ htcldir = html_quote_string (u->dir);
+
fprintf (fp, "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n");
fprintf (fp, "<html>\n<head>\n<title>");
- fprintf (fp, _("Index of /%s on %s:%d"), u->dir, u->host, u->port);
+ fprintf (fp, _("Index of /%s on %s:%d"), htcldir, u->host, u->port);
fprintf (fp, "</title>\n</head>\n<body>\n<h1>");
- fprintf (fp, _("Index of /%s on %s:%d"), u->dir, u->host, u->port);
+ fprintf (fp, _("Index of /%s on %s:%d"), htcldir, u->host, u->port);
fprintf (fp, "</h1>\n<hr>\n<pre>\n");
+
while (f)
{
fprintf (fp, " ");
fprintf (fp, "<a href=\"ftp://%s%s:%d", upwd, u->host, u->port);
if (*u->dir != '/')
putc ('/', fp);
- fprintf (fp, "%s", u->dir);
+ /* XXX: Should probably URL-escape dir components here, rather
+ * than just HTML-escape, for consistency with the next bit where
+ * we use urlclfile for the file component. Anyway, this is safer
+ * than what we had... */
+ fprintf (fp, "%s", htcldir);
if (*u->dir)
putc ('/', fp);
fprintf (fp, "%s", urlclfile);
f = f->next;
}
fprintf (fp, "</pre>\n</body>\n</html>\n");
+ xfree (htcldir);
xfree (upwd);
if (!output_stream)
fclose (fp);
projects / wget / blobdiff