
InfoCard: Fix cross-site scripting.
If the InfoCard module is enabled, it can be used to perform cross-site
scripting attacks on the site where it is installed.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2435 44740490-163a-0410-bde0-09ae8108e29a
olavmo-sikt committed Jul 29, 2010
1 parent 429c8d7 commit f6bfea4
Showing 2 changed files with 6 additions and 6 deletions.
10 changes: 5 additions & 5 deletions templates/temp-getcardform.php
Expand Up @@ -22,7 +22,7 @@

if(strcmp($this->data['form'],"validate")==0){
echo '<h2>'.$this->t('getcardform_title').'</h2>';
echo '<form action = ?AuthState='.$this->data['stateparams']['AuthState']." method='post'>";
echo '<form action = ?AuthState='.htmlspecialchars($this->data['stateparams']['AuthState'])." method='post'>";
echo '<table border="0">';
echo "<tr><td>".$this->t('form_username').": </td><td><input type='text' name='username' value='usuario' /></td></tr>";
echo "<tr><td>".$this->t('form_password').": </td><td><input type='password' name='password' value='clave' /></td></tr>";
Expand All @@ -34,7 +34,7 @@
} else if(strcmp($this->data['form'],"selfIssued")==0){ //ASK FOR A SELF-ISSUED CARD
echo '<h2>'.$this->t('getcardform_self_title').'</h2>';
echo '<p>'.$this->t('getcardform_self_text').'</p>';
echo '<form name="ctl00" id="ctl00" method="post" action="?AuthState='.$this->data['stateparams']['AuthState'].'">';
echo '<form name="ctl00" id="ctl00" method="post" action="?AuthState='.htmlspecialchars($this->data['stateparams']['AuthState']).'">';
echo '<OBJECT type="application/x-informationCard" name="xmlToken">';
echo '<PARAM Name="issuer" Value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />';
if ($this->data['InfoCard']['issuerPolicy']!='') echo '<PARAM Name="issuerPolicy" Value="'.$this->data['InfoCard']['issuerPolicy']."\">\n";
Expand All @@ -43,15 +43,15 @@
if ($this->data['InfoCard']['privacyVersion']!='')echo '<PARAM Name="privacyVersion" Value="'.$this->data['InfoCard']['privacyVersion']."\">\n";
echo '<PARAM Name="requiredClaims" Value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier">';
echo '</OBJECT>';
echo "<input type='hidden' name='username' value='".$this->data['username']."'/>";
echo "<input type='hidden' name='password' value='".$this->data['password']."'/>";
echo "<input type='hidden' name='username' value='".htmlspecialchars($this->data['username'])."'/>";
echo "<input type='hidden' name='password' value='".htmlspecialchars($this->data['password'])."'/>";
echo "<input type='hidden' name='form' value='".$this->data['form']."'/>";
echo "<input type='image' src='resources/infocard_self_114x80.png' style='cursor:pointer' />";
echo '</form>';
} else {
echo '<h2>'.$this->t('getcardform_finished_title').'</h2>';
echo '<p>'.$this->t('getcardform_finished_text').'</p>';
echo '<p> <a href="login-infocard.php?AuthState='.$this->data['stateparams']['AuthState'].'">LOGIN</a></p>';
echo '<p> <a href="login-infocard.php?AuthState='.htmlspecialchars($this->data['stateparams']['AuthState']).'">LOGIN</a></p>';
}
}
?>
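Review bot: The first hunk's `<form action = ?AuthState=...` line still writes AuthState into an unquoted attribute, and the hidden username/password inputs in the third hunk place the escaped values inside single-quoted attributes, yet `htmlspecialchars()` is called without `ENT_QUOTES` — on the PHP versions current at this commit the default flags leave the single quote unencoded, so a space in the former or a `'` in the latter still terminates the attribute. Quote the attribute and pass the flag: `echo '<form action="?AuthState='.htmlspecialchars($this->data['stateparams']['AuthState'], ENT_QUOTES).'" method="post">';` and `echo "<input type='hidden' name='username' value='".htmlspecialchars($this->data['username'], ENT_QUOTES)."'/>";`, applying the same flag to the password input and to the two remaining AuthState echoes. The `issuerPolicy` and `privacyVersion` PARAM values and the hidden `form` input are still echoed raw; they look like configuration values and a branch constant rather than request input, but escaping them the same way removes the inconsistency. AuthState is also a query-string component, so `urlencode()` before `htmlspecialchars()` would be the stricter encoding for it. The `if`/`else if` chain these hunks sit in begins before the first hunk.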
2 changes: 1 addition & 1 deletion templates/temp-login.php
Expand Up @@ -19,7 +19,7 @@

<p><?php echo $this->t('user_IC_text'); ?></p>

<form name="ctl00" id="ctl00" method="post" action="?AuthState=<?php echo $this->data['stateparams']['AuthState']?>">
<form name="ctl00" id="ctl00" method="post" action="?AuthState=<?php echo htmlspecialchars($this->data['stateparams']['AuthState'])?>">

<!-- <ic:informationCard xmlns:ic="<?php echo $this->data['InfoCard']['schema'] ?>" name="xmlToken"
issuer="<?php echo $this->data['InfoCard']['issuer']; ?>"
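Review bot: The `<ic:informationCard>` markup just below the fixed form is commented out yet still interpolates `$this->data['InfoCard']['schema']` and `issuer` without escaping; an HTML comment ends at the first `-->`, so a value containing that sequence would be parsed as live markup. These are presumably configuration values rather than request input, but either escape the two echoes the same way as AuthState or delete the dead block, which is the simpler fix. As with the form action in templates/temp-getcardform.php, AuthState is a query-string value, so `urlencode()` inside the `htmlspecialchars()` call would be the stricter encoding. The hunk is cut mid-template; the commented block continues past its last line.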
