Error page: Fix cross-site scripting.

If the users email-address comes from an untrusted source, it can be used to inject arbitrary HTML into the error pages. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2432 44740490-163a-0410-bde0-09ae8108e29a

Error page: Fix cross-site scripting.
If the users email-address comes from an untrusted source, it can be used to inject arbitrary HTML into the error pages. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2432 44740490-163a-0410-bde0-09ae8108e29a
0d56e4ef · Olav Morken · 577d6dc2 · 0d56e4ef
Commit 0d56e4ef authored 14 years ago by Olav Morken
--- a/templates/error.php
+++ b/templates/error.php
@@ -47,7 +47,7 @@ if (isset($this->data['errorReportAddress'])) {
 	<form action="<?php echo htmlspecialchars($this->data['errorReportAddress']); ?>" method="post">
 		<p><?php echo $this->t('report_text'); ?></p>
-		<p><?php echo $this->t('report_email'); ?> <input type="text" size="25" name="email" value="<?php echo($this->data['email']); ?>" />
+		<p><?php echo $this->t('report_email'); ?> <input type="text" size="25" name="email" value="<?php echo htmlspecialchars($this->data['email']); ?>" />
 		<p>
 		<textarea style="width: 300px; height: 100px" name="text"><?php echo $this->t('report_explain'); ?></textarea>