From 4210eb01500bfaed04ac23fe4bc3b46a9de8af42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Wed, 2 Feb 2011 12:00:28 +0000
Subject: [PATCH] Fix some missing html escaping...

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2731 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/oauth/templates/authorized.php | 4 ++--
 modules/oauth/templates/consent.php    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/oauth/templates/authorized.php b/modules/oauth/templates/authorized.php
index 4eb99a9ae..264751a0d 100644
--- a/modules/oauth/templates/authorized.php
+++ b/modules/oauth/templates/authorized.php
@@ -8,9 +8,9 @@ $this->includeAtTemplateBase('includes/header.php');
     <p style="margin-top: 2em">
        You are now successfully authenticated, and you may click <em>Continue</em> in the application where you initiated authentication.
     </p>
-<?php if ($this->data['oauth_verifier']) {?>
+<?php if (!empty($this->data['oauth_verifier'])) {?>
 	<p>
-		When asked, the verifier code to finish the procedure, is: <b><?php echo $this->data['oauth_verifier'];?></b>.
+		When asked, the verifier code to finish the procedure, is: <b><?php echo htmlspecialchars($this->data['oauth_verifier']);?></b>.
 	</p>
 <?php } ?>       
 
diff --git a/modules/oauth/templates/consent.php b/modules/oauth/templates/consent.php
index f02333151..c82af245d 100644
--- a/modules/oauth/templates/consent.php
+++ b/modules/oauth/templates/consent.php
@@ -6,10 +6,10 @@ $this->includeAtTemplateBase('includes/header.php');
 ?>
 
     <p style="margin-top: 2em">
-       Do you agree to let the application at <b><?php echo $this->data['consumer']['name']?></b> use Foodle on your behalf? 
+       Do you agree to let the application at <b><?php echo htmlspecialchars($this->data['consumer']['name'])?></b> use Foodle on your behalf? 
     </p>
     <p>
-      <a href="<?php echo $this->data['urlAgree']; ?>">Yes I agree</a> |
+      <a href="<?php echo htmlspecialchars($this->data['urlAgree']); ?>">Yes I agree</a> |
       <a href="javascript:alert('Please close this browser.');">No, cancel the request.</a>
     </p>
 
-- 
GitLab