SAML2_HTTPPost::send: use SimpleSAML_Utilities::postRedirect (issue 417).

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2877 44740490-163a-0410-bde0-09ae8108e29a

lib/SAML2/HTTPPost.php

@@ -30,7 +30,6 @@ class SAML2_HTTPPost extends SAML2_Binding {
 		SimpleSAML_Utilities::debugMessage($msgStr, 'out');
 
 		$msgStr = base64_encode($msgStr);
-		$msgStr = htmlspecialchars($msgStr);
 
 		if ($message instanceof SAML2_Request) {
 			$msgType = 'SAMLRequest';
@@ -38,35 +37,14 @@ class SAML2_HTTPPost extends SAML2_Binding {
 			$msgType = 'SAMLResponse';
 		}
 
-		$destination = htmlspecialchars($destination);
+		$post = array();
+		$post[$msgType] = $msgStr;
 
 		if ($relayState !== NULL) {
-			$relayState = '<input type="hidden" name="RelayState" value="' . htmlspecialchars($relayState) . '">';
-		} else {
-			$relayState = '';
+			$post['RelayState'] = $relayState;
 		}
 
-		$out = <<<END
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head>
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<title>POST data</title>
-</head>
-<body onload="document.forms[0].submit()">
-<noscript>
-<p><strong>Note:</strong> Since your browser does not support JavaScript, you must press the button below once to proceed.</p>
-</noscript>
-<form method="post" action="$destination">
-<input type="hidden" name="$msgType" value="$msgStr" />
-$relayState
-<noscript><input type="submit" value="Submit" /></noscript>
-</form>
-</body>
-</html>
-END;
-		echo($out);
-		exit(0);
+		SimpleSAML_Utilities::postRedirect($destination, $post);
 	}