This repository has been archived by the owner on Aug 1, 2020. It is now read-only.
openid: Fix cross-site scripting.
Can be exploited by a malicious openid provider to execute scripts
on the host using openid.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2444 44740490-163a-0410-bde0-09ae8108e29a
olavmo-sikt committed Jul 29, 2010
1 parent 1b9ea15 commit d652d41
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion templates/consumer.php
Expand Up @@ -50,7 +50,7 @@
Identity URL:
<input type="hidden" name="action" value="verify" />
<input id="openid-identifier" class="openid-identifier" type="text" name="openid_url" value="http://" />
<input type="hidden" name="AuthState" value="<?php echo $this->data['AuthState']; ?>" />
<input type="hidden" name="AuthState" value="<?php echo htmlspecialchars($this->data['AuthState']); ?>" />
<input type="submit" value="Login with OpenID" />
</fieldset>
</form>
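Review bot: On the added `AuthState` line, `htmlspecialchars()` is called with its default flags and charset, so the escaping behaviour depends on the defaults of whichever PHP version runs the template. The value sits in a double-quoted attribute, which the `ENT_COMPAT` default covers, but I would pass the arguments explicitly, e.g. `htmlspecialchars($this->data['AuthState'], ENT_QUOTES, 'UTF-8')` (assuming the page is served as UTF-8), so the output stays safe if the attribute quoting is ever changed and the intended encoding is visible in the code. This is the only `echo` in the visible context; any other values printed elsewhere in `templates/consumer.php` are worth checking for the same unescaped pattern.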