This repository was archived by the owner on Aug 1, 2020. It is now read-only.

Commit d652d41

openid: Fix cross-site scripting.
Can be exploited by a malicious openid provider to execute scripts on the host using openid.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2444 44740490-163a-0410-bde0-09ae8108e29a
1 parent 1b9ea15 commit d652d41

1 file changed, +1 -1 lines changed

Diff for: templates/consumer.php

@@ -50,7 +50,7 @@
5050
Identity URL:
5151
<input type="hidden" name="action" value="verify" />
5252
<input id="openid-identifier" class="openid-identifier" type="text" name="openid_url" value="http://" />
53-
<input type="hidden" name="AuthState" value="<?php echo $this->data['AuthState']; ?>" />
53+
<input type="hidden" name="AuthState" value="<?php echo htmlspecialchars($this->data['AuthState']); ?>" />
5454
<input type="submit" value="Login with OpenID" />
5555
</fieldset>
5656
</form>
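
Review bot: the added `htmlspecialchars($this->data['AuthState'])` call on new line 53 relies on the function's default flags and charset, which differ between PHP versions (before PHP 8.1 the default is `ENT_COMPAT`, which leaves single quotes unencoded). That is sufficient here only because the `value` attribute is double-quoted; passing the flags and encoding explicitly, for example `htmlspecialchars($this->data['AuthState'], ENT_QUOTES, 'UTF-8')`, keeps the escaping correct if the attribute quoting or the runtime changes. The commit message says the value can be influenced by a malicious OpenID provider, so it would also be worth checking whether `AuthState` is validated where it is received rather than only escaped on output in this template, and whether other templates echo it unescaped.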
