diff --git a/lib/SimpleSAML/XML/SAML20/AuthnRequest.php b/lib/SimpleSAML/XML/SAML20/AuthnRequest.php index 0fc2c819fb1d292d1819ad6a4229e341bdd7385f..ead9afa386a54f4137259d9642c238f76c3b3067 100644 --- a/lib/SimpleSAML/XML/SAML20/AuthnRequest.php +++ b/lib/SimpleSAML/XML/SAML20/AuthnRequest.php @@ -154,17 +154,17 @@ class SimpleSAML_XML_SAML20_AuthnRequest { "IssueInstant=\"" . $issueInstant . "\" " . "ForceAuthn=\"false\" " . "IsPassive=\"false\" " . - "Destination=\"" . $destination . "\" " . + "Destination=\"" . htmlspecialchars($destination) . "\" " . "ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" " . - "AssertionConsumerServiceURL=\"" . $assertionConsumerServiceURL . "\">\n" . + "AssertionConsumerServiceURL=\"" . htmlspecialchars($assertionConsumerServiceURL) . "\">\n" . "<saml:Issuer " . "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" . - $spentityid . + htmlspecialchars($spentityid) . "</saml:Issuer>\n" . "<samlp:NameIDPolicy " . "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " . - "Format=\"" . $nameidformat. "\" " . - "SPNameQualifier=\"" . $spNameQualifier . "\" " . + "Format=\"" . htmlspecialchars($nameidformat). "\" " . + "SPNameQualifier=\"" . htmlspecialchars($spNameQualifier) . "\" " . "AllowCreate=\"true\" />\n" . "<samlp:RequestedAuthnContext " . "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " . diff --git a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php index 56984d9b7cf3fd9126118cce216aff0d183bf017..65ed360ebeab4364114c2fb8f60be02e7ae716e0 100644 --- a/lib/SimpleSAML/XML/SAML20/AuthnResponse.php +++ b/lib/SimpleSAML/XML/SAML20/AuthnResponse.php @@ -409,7 +409,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse { ID="' . $id . '" InResponseTo="' . htmlspecialchars($inresponseto) . '" Version="2.0" IssueInstant="' . $issueInstant . '" - Destination="' . $destination . '"> + Destination="' . htmlspecialchars($destination) . '"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . htmlspecialchars($issuer) . '</saml:Issuer> <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" @@ -423,7 +423,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse { <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml:SubjectConfirmationData NotOnOrAfter="' . $assertionExpire . '" InResponseTo="' . htmlspecialchars($inresponseto). '" - Recipient="' . $destination . '"/> + Recipient="' . htmlspecialchars($destination) . '"/> </saml:SubjectConfirmation> </saml:Subject> <saml:Conditions NotBefore="' . $notBefore. '" NotOnOrAfter="' . $assertionExpire. '"> @@ -432,7 +432,7 @@ class SimpleSAML_XML_SAML20_AuthnResponse extends SimpleSAML_XML_AuthnResponse { </saml:AudienceRestriction> </saml:Conditions> <saml:AuthnStatement AuthnInstant="' . $issueInstant . '" - SessionIndex="' . $sessionindex . '"> + SessionIndex="' . htmlspecialchars($sessionindex) . '"> <saml:AuthnContext> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef> </saml:AuthnContext> diff --git a/lib/SimpleSAML/XML/SAML20/LogoutRequest.php b/lib/SimpleSAML/XML/SAML20/LogoutRequest.php index 137ff0c985be3e527b7d2b6aa9576be5d7d00043..e1c90884963d3ee7e1c3880e370ede4c83fd9074 100644 --- a/lib/SimpleSAML/XML/SAML20/LogoutRequest.php +++ b/lib/SimpleSAML/XML/SAML20/LogoutRequest.php @@ -141,22 +141,22 @@ class SimpleSAML_XML_SAML20_LogoutRequest { "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" " . "ID=\"" . $id . "\" " . "Version=\"2.0\" " . - "Destination=\"" . $destination . "\" " . + "Destination=\"" . htmlspecialchars($destination) . "\" " . "IssueInstant=\"" . $issueInstant . "\"> " . "<saml:Issuer " . "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">" . - $issuer . + htmlspecialchars($issuer) . "</saml:Issuer>" . "<saml:NameID " . "xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" " . // "NameQualifier=\"" . $nameId["NameQualifier"] . "\" " . // "SPNameQualifier=\"" . $nameId["SPNameQualifier"] . "\" " . - "Format=\"" . $nameidformat. "\">" . - $nameid . + "Format=\"" . htmlspecialchars($nameidformat) . "\">" . + htmlspecialchars($nameid) . "</saml:NameID>" . "<samlp:SessionIndex " . "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\">" . - $sessionindex . + htmlspecialchars($sessionindex) . "</samlp:SessionIndex>" . "</samlp:LogoutRequest>"; diff --git a/lib/SimpleSAML/XML/SAML20/LogoutResponse.php b/lib/SimpleSAML/XML/SAML20/LogoutResponse.php index 5378c7a0a3281e33192bbb70f3241368ee9cc065..84fe044fcc767df8fb69509354126fc636607465 100644 --- a/lib/SimpleSAML/XML/SAML20/LogoutResponse.php +++ b/lib/SimpleSAML/XML/SAML20/LogoutResponse.php @@ -113,14 +113,14 @@ class SimpleSAML_XML_SAML20_LogoutResponse { $destination = $receivermd['SingleLogoutService']; $samlResponse = '<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" -ID="_' . $id . '" Version="2.0" IssueInstant="' . $issueInstant . '" Destination="'. $destination. '" InResponseTo="' . htmlspecialchars($inresponseto) . '"> -<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . $issuer . '</saml:Issuer> +ID="_' . $id . '" Version="2.0" IssueInstant="' . $issueInstant . '" Destination="'. htmlspecialchars($destination). '" InResponseTo="' . htmlspecialchars($inresponseto) . '"> +<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . htmlspecialchars($issuer) . '</saml:Issuer> <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Value="urn:oasis:names:tc:SAML:2.0:status:Success"> </samlp:StatusCode> <samlp:StatusMessage xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> -Successfully logged out from service ' . $issuer . ' +Successfully logged out from service ' . htmlspecialchars($issuer) . ' </samlp:StatusMessage> </samlp:Status> </samlp:LogoutResponse>';