From 4fa92f640d2520fbeaf2b068c59edb33ba11a4cc Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 29 Jul 2010 10:40:47 +0000
Subject: [PATCH] consent: Fix cross-site scripting.

Two possibilities:
- User attributes from an untrusted source.
- Metadata from an untrusted source.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2433 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/consent/templates/consentform.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/consent/templates/consentform.php b/modules/consent/templates/consentform.php
index b5d49cb1a..d023eed33 100644
--- a/modules/consent/templates/consentform.php
+++ b/modules/consent/templates/consentform.php
@@ -53,6 +53,8 @@ if (is_array($dstName)) {
 	$dstName = $this->t($dstName);
 }
 
+$srcName = htmlspecialchars($srcName);
+$dstName = htmlspecialchars($dstName);
 
 $attributes = $this->data['attributes'];
 
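Review bot: After the two added lines, `$srcName` and `$dstName` hold HTML-escaped markup rather than plain text but keep their original names, so a later `htmlspecialchars()` on either would double-encode, and any use outside an HTML text context would get the wrong encoding. The later uses of both variables are outside this hunk and cannot be checked from here; the second hunk already depends on this state by echoing `$dstName` without escaping. I would add a comment above the assignments such as `// From here on $srcName and $dstName are HTML-escaped; output them as-is and never escape them again.`, or escape at each output site instead. If either value is ever placed inside a single-quoted attribute, the call also needs `ENT_QUOTES`.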
@@ -111,7 +113,7 @@ foreach ($this->data['noData'] as $name => $value) {
 <?php
 if ($this->data['sppp'] !== FALSE) {
 	echo "<p>" . htmlspecialchars($this->t('{consent:consent:consent_privacypolicy}')) . " ";
-	echo "<a target='_blank' href='" . htmlspecialchars($this->data['sppp']) . "'>" . htmlspecialchars($dstName) . "</a>";
+	echo "<a target='_blank' href='" . htmlspecialchars($this->data['sppp']) . "'>" . $dstName . "</a>";
 	echo "</p>";
 }
 ?>
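Review bot: The `href` on the changed `echo` line is delimited with single quotes, and `htmlspecialchars()` called without flags does not escape `'` on PHP versions before 8.1, so a single quote in `$this->data['sppp']` would still terminate the attribute. Pass the flag explicitly: `htmlspecialchars($this->data['sppp'], ENT_QUOTES)`. Escaping also does not constrain the URL scheme. If the privacy-policy URL comes from the untrusted metadata the commit message mentions (its origin is not visible in this hunk), it should be checked to start with `http://` or `https://` before it is emitted as a link.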
@@ -165,7 +167,7 @@ function present_attributes($t, $attributes, $nameParent) {
 				$str .= '<ul>';
 				foreach ($value AS $listitem) {
 					if ($nameraw === 'jpegPhoto') {
-						$str .= '<li><img src="data:image/jpeg;base64,' . $listitem . '" alt="User photo" /></li>';
+						$str .= '<li><img src="data:image/jpeg;base64,' . htmlspecialchars($listitem) . '" alt="User photo" /></li>';
 					} else {
 						$str .= '<li>' . htmlspecialchars($listitem) . '</li>';
 					}
-- 
GitLab