mirror of
https://github.com/golang/go
synced 2024-10-03 14:11:21 -06:00
http: fix text displayed in Redirect
In the case where r.Method == "POST", was calling Printf with an argument but "" format string, causing a spurious %!EXTRA(...) message. Also escape string properly in HTML generation. R=r CC=golang-dev https://golang.org/cl/3923043
This commit is contained in:
parent
3a43ff1a77
commit
cc928b7b6e
@ -452,18 +452,7 @@ func NotFoundHandler() Handler { return HandlerFunc(NotFound) }
|
|||||||
// Redirect replies to the request with a redirect to url,
|
// Redirect replies to the request with a redirect to url,
|
||||||
// which may be a path relative to the request path.
|
// which may be a path relative to the request path.
|
||||||
func Redirect(w ResponseWriter, r *Request, url string, code int) {
|
func Redirect(w ResponseWriter, r *Request, url string, code int) {
|
||||||
// RFC2616 recommends that a short note "SHOULD" be included in the
|
if u, err := ParseURL(url); err == nil {
|
||||||
// response because older user agents may not understand 301/307.
|
|
||||||
note := "<a href=\"%v\">" + statusText[code] + "</a>.\n"
|
|
||||||
if r.Method == "POST" {
|
|
||||||
note = ""
|
|
||||||
}
|
|
||||||
|
|
||||||
u, err := ParseURL(url)
|
|
||||||
if err != nil {
|
|
||||||
goto finish
|
|
||||||
}
|
|
||||||
|
|
||||||
// If url was relative, make absolute by
|
// If url was relative, make absolute by
|
||||||
// combining with request path.
|
// combining with request path.
|
||||||
// The browser would probably do this for us,
|
// The browser would probably do this for us,
|
||||||
@ -499,11 +488,27 @@ func Redirect(w ResponseWriter, r *Request, url string, code int) {
|
|||||||
url += "/"
|
url += "/"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
finish:
|
|
||||||
w.SetHeader("Location", url)
|
w.SetHeader("Location", url)
|
||||||
w.WriteHeader(code)
|
w.WriteHeader(code)
|
||||||
fmt.Fprintf(w, note, url)
|
|
||||||
|
// RFC2616 recommends that a short note "SHOULD" be included in the
|
||||||
|
// response because older user agents may not understand 301/307.
|
||||||
|
note := "<a href=\"" + htmlEscape(url) + "\">" + statusText[code] + "</a>.\n"
|
||||||
|
if r.Method == "POST" {
|
||||||
|
note = ""
|
||||||
|
}
|
||||||
|
fmt.Fprintln(w, note)
|
||||||
|
}
|
||||||
|
|
||||||
|
func htmlEscape(s string) string {
|
||||||
|
s = strings.Replace(s, "&", "&", -1)
|
||||||
|
s = strings.Replace(s, "<", "<", -1)
|
||||||
|
s = strings.Replace(s, ">", ">", -1)
|
||||||
|
s = strings.Replace(s, "\"", """, -1)
|
||||||
|
s = strings.Replace(s, "'", "'", -1)
|
||||||
|
return s
|
||||||
}
|
}
|
||||||
|
|
||||||
// Redirect to a fixed URL
|
// Redirect to a fixed URL
|
||||||
|
Loading…
Reference in New Issue
Block a user