This repository has been archived by the owner on Dec 19, 2020. It is now read-only.
openidProvider: Fix cross-site scripting.
If someone is able to perform a session fixation attack on the
openidProvider host, he can then make users execute scripts in that
domain.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2445 44740490-163a-0410-bde0-09ae8108e29a
olavmo-sikt committed Jul 29, 2010
1 parent d4bbc9c commit 8365d48
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion templates/trust.tpl.php
Expand Up @@ -10,7 +10,7 @@
echo('<p>' . $this->t('{openidProvider:openidProvider:confirm_question}', $params) . '</p>');
?>
<form method="post" action="?">
<input type="hidden" name="StateID" value="<?php echo $this->data['StateID']; ?>" />
<input type="hidden" name="StateID" value="<?php echo htmlspecialchars($this->data['StateID']); ?>" />

<input type="checkbox" name="TrustRemember" value="on" id="remember" />
<label for="TrustRemember"><?php echo($this->t('{openidProvider:openidProvider:remember}')); ?></label>
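Review bot: On the changed StateID input line, htmlspecialchars() is called with its default flags, which in PHP at the time of this commit (ENT_COMPAT) escape double quotes but not single quotes. That is sufficient here because the value attribute is double-quoted, but passing ENT_QUOTES would keep the escaping correct if the attribute quoting ever changes: `htmlspecialchars($this->data['StateID'], ENT_QUOTES)`. The context line that echoes `$this->t('{openidProvider:openidProvider:confirm_question}', $params)` into the paragraph is still output without escaping in the template, so it is worth confirming that the values in $params are escaped before they get there.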