Skip to content

Commit 94cf386

Browse files
committed
Escape error messages from OpenID
Signed-off-by: Michal Čihař <michal@cihar.com>
1 parent 1363ce5 commit 94cf386

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

Diff for: examples/openid.php

+3-3
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,7 @@ function Show_page($contents)
111111
$o = new OpenID_RelyingParty($returnTo, $realm, $identifier);
112112
} catch (Exception $e) {
113113
$contents = "<div class='relyingparty_results'>\n";
114-
$contents .= "<pre>" . $e->getMessage() . "</pre>\n";
114+
$contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
115115
$contents .= "</div class='relyingparty_results'>";
116116
Show_page($contents);
117117
exit;
@@ -121,9 +121,9 @@ function Show_page($contents)
121121
if (isset($_POST['start'])) {
122122
try {
123123
$authRequest = $o->prepare();
124-
} catch (OpenID_Exception $e) {
124+
} catch (Exception $e) {
125125
$contents = "<div class='relyingparty_results'>\n";
126-
$contents .= "<pre>" . $e->getMessage() . "</pre>\n";
126+
$contents .= "<pre>" . htmlspecialchars($e->getMessage()) . "</pre>\n";
127127
$contents .= "</div class='relyingparty_results'>";
128128
Show_page($contents);
129129
exit;

0 commit comments

Comments
 (0)