Commit 0f397188 authored by Olav Morken

consentAdmin: Fix cross-site scripting.

Can be exploited if the site is configured to fetch metadata from an
untrusted source.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2439 44740490-163a-0410-bde0-09ae8108e29a
parent f09a13f5
......@@ -75,8 +75,8 @@ span.showhide {
foreach ($spList AS $spName => $spValues) {
$this->includeInlineTranslation('spname', $spValues['name']);
$this->includeInlineTranslation('spdescription', $spValues['description']);
$htmlSpName = $this->t('spname', array(), false, true);
$spDescription = $this->t('spdescription',array(), false, true);
$htmlSpName = htmlspecialchars($this->t('spname', array(), false, true));
$spDescription = htmlspecialchars($this->t('spdescription',array(), false, true));
$checkedAttr = $spValues['consentStatus'] == 'ok' ? "checked='yes'" : "";
$consentValue = $spValues['consentValue'];
$consentText = $spValues['consentStatus'] == 'changed' ? "attributes has changed" : "";
......
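Review bot: The two htmlspecialchars() calls that now wrap $htmlSpName and $spDescription pass no flags, so on PHP versions where the default is ENT_COMPAT single quotes are left unescaped, and this template writes single-quoted attributes (see "checked='yes'" in $checkedAttr). Passing ENT_QUOTES and an explicit charset, e.g. htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), would keep both values safe whether they land in element content or in an attribute of either quoting style. Separately, $consentValue is assigned straight from $spValues['consentValue'] in the trailing context; if that value is written into the page below this hunk and can be influenced by the same metadata, it needs the same escaping.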