Commit 80f29804 authored by Nils Behlen's avatar Nils Behlen

html escaping

parent 6949bb5a
...@@ -155,7 +155,7 @@ if ($this->data['errorCode'] !== NULL) ...@@ -155,7 +155,7 @@ if ($this->data['errorCode'] !== NULL)
<input id="password" name="password" tabindex="1" type="password" value="" class="text" <input id="password" name="password" tabindex="1" type="password" value="" class="text"
placeholder="<?php echo htmlspecialchars($passHint, ENT_QUOTES) ?>"/> placeholder="<?php echo htmlspecialchars($passHint, ENT_QUOTES) ?>"/>
<strong id="message"><?php echo @$this->data['message'] ?: "" ?></strong> <strong id="message"><?php echo htmlspecialchars(@$this->data['message'] ?: "", ENT_QUOTES)?></strong>
<br> <br>
<input id="otp" name="otp" type="password" <input id="otp" name="otp" type="password"
placeholder="<?php echo htmlspecialchars($otpHint, ENT_QUOTES) ?>"> placeholder="<?php echo htmlspecialchars($otpHint, ENT_QUOTES) ?>">
...@@ -167,33 +167,33 @@ if ($this->data['errorCode'] !== NULL) ...@@ -167,33 +167,33 @@ if ($this->data['errorCode'] !== NULL)
<!-- Undefined index is suppressed and the default is used for these values --> <!-- Undefined index is suppressed and the default is used for these values -->
<input id="mode" type="hidden" name="mode" <input id="mode" type="hidden" name="mode"
value="<?php echo @$this->data['mode'] ?: "otp" ?>"/> value="<?php echo htmlspecialchars(@$this->data['mode'] ?: "otp", ENT_QUOTES) ?>"/>
<input id="pushAvailable" type="hidden" name="pushAvailable" <input id="pushAvailable" type="hidden" name="pushAvailable"
value="<?php echo @$this->data['pushAvailable'] ?: false ?>"/> value="<?php echo htmlspecialchars(@$this->data['pushAvailable'] ?: "", ENT_QUOTES) ?>"/>
<input id="otpAvailable" type="hidden" name="otpAvailable" <input id="otpAvailable" type="hidden" name="otpAvailable"
value="<?php echo @$this->data['otpAvailable'] ?: true ?>"/> value="<?php echo htmlspecialchars(@$this->data['otpAvailable'] ?: "1", ENT_QUOTES) ?>"/>
<input id="webAuthnSignRequest" type="hidden" name="webAuthnSignRequest" <input id="webAuthnSignRequest" type="hidden" name="webAuthnSignRequest"
value='<?php echo @$this->data['webAuthnSignRequest'] ?: "" ?>'/> value='<?php echo htmlspecialchars(@$this->data['webAuthnSignRequest'] ?: "", ENT_QUOTES) ?>'/>
<input id="u2fSignRequest" type="hidden" name="u2fSignRequest" <input id="u2fSignRequest" type="hidden" name="u2fSignRequest"
value='<?php echo @$this->data['u2fSignRequest'] ?: "" ?>'/> value='<?php echo htmlspecialchars(@$this->data['u2fSignRequest'] ?: "", ENT_QUOTES) ?>'/>
<input id="modeChanged" type="hidden" name="modeChanged" value="0"/> <input id="modeChanged" type="hidden" name="modeChanged" value="0"/>
<input id="step" type="hidden" name="step" <input id="step" type="hidden" name="step"
value="<?php echo @$this->data['step'] ?: 2 ?>"/> value="<?php echo htmlspecialchars(@$this->data['step'] ?: 2, ENT_QUOTES) ?>"/>
<input id="webAuthnSignResponse" type="hidden" name="webAuthnSignResponse" value=""/> <input id="webAuthnSignResponse" type="hidden" name="webAuthnSignResponse" value=""/>
<input id="u2fSignResponse" type="hidden" name="u2fSignResponse" value=""/> <input id="u2fSignResponse" type="hidden" name="u2fSignResponse" value=""/>
<input id="origin" type="hidden" name="origin" value=""/> <input id="origin" type="hidden" name="origin" value=""/>
<input id="loadCounter" type="hidden" name="loadCounter" <input id="loadCounter" type="hidden" name="loadCounter"
value="<?php echo @$this->data['loadCounter'] ?: 1 ?>"/> value="<?php echo htmlspecialchars(@$this->data['loadCounter'] ?: 1, ENT_QUOTES) ?>"/>
<!-- Additional input to persist the message --> <!-- Additional input to persist the message -->
<input type="hidden" name="message" <input type="hidden" name="message"
value="<?php echo @$this->data['message'] ?: "" ?>"/> value="<?php echo htmlspecialchars(@$this->data['message'] ?: "" , ENT_QUOTES)?>"/>
<?php <?php
// If enrollToken load QR Code // If enrollToken load QR Code
......
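Review bot: The new htmlspecialchars() calls on the `<strong id="message">` line and on the hidden-input values pass ENT_QUOTES but no ENT_SUBSTITUTE and no explicit charset, so a message or sign request containing a byte sequence that is invalid in the default charset (UTF-8 on PHP 5.4 and later) makes htmlspecialchars() return an empty string and the value is silently dropped instead of escaped. For the error message that hides the diagnostic; for webAuthnSignRequest and u2fSignRequest it would blank the challenge the client-side script reads from the field. If the supported PHP version is 5.4 or newer, use `htmlspecialchars(@$this->data['message'] ?: "", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` on both message lines and the same flags on the hidden fields. Keeping ENT_QUOTES is correct here because webAuthnSignRequest and u2fSignRequest are emitted inside single-quoted value attributes, which ENT_COMPAT would leave unescaped. The `@` suppression and `?:` truthiness test predate this commit, and the enclosing `if ($this->data['errorCode'] !== NULL)` template block starts and ends outside the shown hunks.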
...@@ -11,7 +11,7 @@ $state = SimpleSAML_Auth_State::loadState($stateId, 'privacyidea:privacyidea'); ...@@ -11,7 +11,7 @@ $state = SimpleSAML_Auth_State::loadState($stateId, 'privacyidea:privacyidea');
// Find the username // Find the username
if (array_key_exists('username', $_REQUEST)) if (array_key_exists('username', $_REQUEST))
{ {
$username = (string)$_REQUEST['username']; $username = (string)$_REQUEST['username'];
} }
elseif (isset($state['privacyidea:privacyidea']['uidKey'])) elseif (isset($state['privacyidea:privacyidea']['uidKey']))
{ {
......