Commit 08e6f797 authored by Olav Morken's avatar Olav Morken

oauth: Fix cross-site scripting.

Failure to escape the user id can be exploited by a malicious IdP
to run scripts in the domain of the oauth host. There is also a
failure to escape data from the OAuth registry.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2443 44740490-163a-0410-bde0-09ae8108e29a
parent 88e1f09d
...@@ -13,7 +13,7 @@ $this->includeAtTemplateBase('includes/header.php'); ...@@ -13,7 +13,7 @@ $this->includeAtTemplateBase('includes/header.php');
echo('<h1>OAuth Client Registry</h1>'); echo('<h1>OAuth Client Registry</h1>');
echo('<p>Here you can register new OAuth Clients. You are successfully logged in as ' . $this->data['userid'] . '</p>'); echo('<p>Here you can register new OAuth Clients. You are successfully logged in as ' . htmlspecialchars($this->data['userid']) . '</p>');
echo('<h2>Your clients</h2>'); echo('<h2>Your clients</h2>');
echo('<table class="metalist" style="width: 100%">'); echo('<table class="metalist" style="width: 100%">');
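Review bot: the new `htmlspecialchars($this->data['userid'])` call relies on PHP's default flags and charset, which differ between PHP versions (the default charset was ISO-8859-1 before 5.4, and single quotes are not escaped without ENT_QUOTES); passing them explicitly, as in `htmlspecialchars($this->data['userid'], ENT_QUOTES, 'UTF-8')`, makes the escaping independent of the interpreter's configuration. Since the user id comes from the IdP, as the commit message notes, this is the value an attacker controls most directly, so it is worth being strict here.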
...@@ -22,8 +22,8 @@ foreach($this->data['entries']['mine'] AS $entryc ) { ...@@ -22,8 +22,8 @@ foreach($this->data['entries']['mine'] AS $entryc ) {
$entry = $entryc['value']; $entry = $entryc['value'];
$i++; $i++;
echo('<tr class="' . $rows[$i % 2] . '"> echo('<tr class="' . $rows[$i % 2] . '">
<td>' . $entry['name'] . '</td> <td>' . htmlspecialchars($entry['name']) . '</td>
<td><tt>' . $entry['key'] . '</tt></td> <td><tt>' . htmlspecialchars($entry['key']) . '</tt></td>
<td> <td>
<a href="registry.edit.php?editkey=' . urlencode($entry['key']) . '">edit</a> <a href="registry.edit.php?editkey=' . urlencode($entry['key']) . '">edit</a>
<a href="registry.php?delete=' . urlencode($entry['key']) . '">delete</a> <a href="registry.php?delete=' . urlencode($entry['key']) . '">delete</a>
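Review bot: the escaping in this hunk is consistent with the contexts used: `name` and `key` are now HTML-escaped where they land in element content, and the `href` values go through `urlencode`, whose output alphabet contains no HTML-significant characters, so they need no additional escaping. The `$rows[$i % 2]` class value is taken from a fixed local array and is not attacker-controlled. Separately from the XSS fix, `registry.php?delete=' . urlencode($entry['key'])` performs a state-changing delete via a plain GET link with no anti-CSRF token; that is out of scope for this commit but should be tracked as a follow-up.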
...@@ -43,9 +43,9 @@ foreach($this->data['entries']['others'] AS $entryc ) { ...@@ -43,9 +43,9 @@ foreach($this->data['entries']['others'] AS $entryc ) {
$entry = $entryc['value']; $entry = $entryc['value'];
$i++; $i++;
echo('<tr class="' . $rows[$i % 2] . '"> echo('<tr class="' . $rows[$i % 2] . '">
<td>' . $entry['name'] . '</td> <td>' . htmlspecialchars($entry['name']) . '</td>
<td><tt>' . $entry['key'] . '</tt></td> <td><tt>' . htmlspecialchars($entry['key']) . '</tt></td>
<td>' . (isset($entry['owner']) ? $entry['owner'] : 'No owner') . ' <td>' . (isset($entry['owner']) ? htmlspecialchars($entry['owner']) : 'No owner') . '
</td></tr>'); </td></tr>');
} }
if ($i == 0) { if ($i == 0) {
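Review bot: `htmlspecialchars` is now repeated inline at five output sites across the two loops, each with default flags; a single template helper (for example one that always applies `ENT_QUOTES` and `'UTF-8'`) would keep the flags consistent and make it harder to miss the next registry field that gets rendered. The ternary on the `owner` line is correct: the escaped branch handles attacker-influenced data and the `'No owner'` literal is static, so nothing is left unescaped in this hunk.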