Escape error messages from OpenID

Signed-off-by: Michal Čihař <michal@cihar.com>
phpmyadmin · Jun 17, 2016 · 94cf386 · 94cf386
1 parent 1363ce5
commit 94cf386
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/examples/openid.php b/examples/openid.php
@@ -111,7 +111,7 @@ function Show_page($contents)
     $o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
 } catch (Exception $e) {
     $contents = "<div class='relyingparty_results'>\n";
-    $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
+    $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
     $contents .= "</div class='relyingparty_results'>";
     Show_page($contents);
     exit;
@@ -121,9 +121,9 @@ function Show_page($contents)
 if (isset($_POST['start'])) {
     try {
         $authRequest = $o->prepare();
-    } catch (OpenID_Exception $e) {
+    } catch (Exception $e) {
         $contents = "<div class='relyingparty_results'>\n";
-        $contents .= "<pre>" . $e->getMessage() . "</pre>\n";
+        $contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
         $contents .= "</div class='relyingparty_results'>";
         Show_page($contents);
         exit;