Skip to content

Commit dde9fa5

Browse files
blueimpblueimp
committed
Only use fmt.Sprintf if redirect URL contains "%s".
1 parent 825879e commit dde9fa5

File tree

1 file changed

+8
-5
lines changed

1 file changed

+8
-5
lines changed

server/gae-go/app/main.go

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* jQuery File Upload Plugin GAE Go Example 2.1.2
2+
* jQuery File Upload Plugin GAE Go Example 2.1.3
33
* https://github.com/blueimp/jQuery-File-Upload
44
*
55
* Copyright 2011, Sebastian Tschan
@@ -219,10 +219,13 @@ func post(w http.ResponseWriter, r *http.Request) {
219219
b, err := json.Marshal(handleUploads(r))
220220
check(err)
221221
if redirect := r.FormValue("redirect"); redirect != "" {
222-
http.Redirect(w, r, fmt.Sprintf(
223-
redirect,
224-
escape(string(b)),
225-
), http.StatusFound)
222+
if strings.Contains(redirect, "%s") {
223+
redirect = fmt.Sprintf(
224+
redirect,
225+
escape(string(b)),
226+
)
227+
}
228+
http.Redirect(w, r, redirect, http.StatusFound)
226229
return
227230
}
228231
w.Header().Set("Cache-Control", "no-cache")

0 commit comments

Comments
 (0)