From ff9d40a60d85281d77558c93bece2e9b461bfea4 Mon Sep 17 00:00:00 2001
From: Simon Welsh
Date: Fri, 28 Feb 2014 14:09:42 +1300
Subject: [PATCH] FIX Escape the redirect URL before outputting
Signed-off-by: Stephen Shkardoon
---
 control/HTTPResponse.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/control/HTTPResponse.php b/control/HTTPResponse.php
index e7482bb09..6489740d2 100644
--- a/control/HTTPResponse.php
+++ b/control/HTTPResponse.php
@@ -213,7 +213,7 @@ class SS_HTTPResponse {
 }
 if(in_array($this->statusCode, self::$redirect_codes) && headers_sent($file, $line)) {
- $url = $this->headers['Location'];
+ $url = Convert::raw2htmlatt($this->headers['Location']);
 echo "

Redirecting to " . "$url... (output started on $file, line $line)
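Review bot: Attribute-escaping `$url` on the added line prevents markup injection but does not restrict the URL scheme, so a `Location` value such as a `javascript:` or `data:` URI would still be written out as the redirect target if the echoed markup uses it as a link. The markup around "Redirecting to" is not visible on this page, so this is inferred rather than confirmed. I would accept only relative URLs and `http`/`https` before echoing, and fall back to plain escaped text otherwise. The `echo` statement continues past the end of this hunk. If `$url` is also interpolated there into a script string or another non-HTML context, it needs encoding for that context (for example `Convert::raw2js()`), because `raw2htmlatt()` output is not safe inside JavaScript. A short comment above the assignment, e.g. `// Location may contain user-supplied data; encode per output context`, would record why the escaping is there.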