From 5dc18aeaf3f1e6793c52da4527e9765541704ee0 Mon Sep 17 00:00:00 2001 From: Olav Morken <olav.morken@uninett.no> Date: Thu, 24 Jan 2008 12:21:02 +0000 Subject: [PATCH] SAML2:IdP:Metadata: Escape XML in metadata. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@191 44740490-163a-0410-bde0-09ae8108e29a --- www/saml2/idp/metadata.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/www/saml2/idp/metadata.php b/www/saml2/idp/metadata.php index ce80d28e0..27f16507a 100644 --- a/www/saml2/idp/metadata.php +++ b/www/saml2/idp/metadata.php @@ -30,7 +30,7 @@ try { $metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <EntityDescriptor xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" - entityID="' . $idpentityid . '"> + entityID="' . htmlspecialchars($idpentityid) . '"> <IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> @@ -38,7 +38,7 @@ try { <KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> - <ds:X509Certificate>' . $data . '</ds:X509Certificate> + <ds:X509Certificate>' . htmlspecialchars($data) . '</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </KeyDescriptor> @@ -48,8 +48,8 @@ try { <!-- Logout endpoints --> <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - Location="' . $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted') . '" - ResponseLocation="' . $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted') . '" + Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '" + ResponseLocation="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')) . '" index="0" isDefault="true" /> 
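Review bot: The `htmlspecialchars($idpentityid)` call in the `entityID` attribute relies on PHP's default flags and charset, which vary with the PHP version and configuration, while the document itself declares UTF-8. Passing them explicitly, e.g. `htmlspecialchars($idpentityid, ENT_QUOTES, 'UTF-8')`, makes the escaping independent of those defaults and also covers single quotes if an attribute is ever single-quoted. The same applies to the calls added in the X509Certificate, SingleLogoutService and SingleSignOnService hunks. The `$metaxml` literal starts and ends outside these hunks, so any other values interpolated into it are not visible here and would need the same treatment.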
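Review bot: Escaping `$data` keeps the `<ds:X509Certificate>` element well-formed, but it does not check that the value is actually certificate data. `$data` is assigned outside the hunk, so its origin is not visible here. If it is the body of a PEM file, rejecting anything other than base64 characters and whitespace before `$metaxml` is assembled would surface a malformed certificate file as an error instead of publishing it in the metadata. For example: `if (!preg_match('#^[A-Za-z0-9+/=\s]+$#', $data)) { throw new Exception('Invalid certificate data'); }`.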
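Review bot: `Location` and `ResponseLocation` each call `$metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted')` and escape the result separately, so the same nested expression now appears twice inside the string literal. Computing it once before the literal, e.g. `$sloUrl = htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted'));`, and concatenating `$sloUrl` into both attributes keeps the two values from drifting apart and makes the literal easier to read. If getGenerated derives this URL from request data such as the host name (not visible in this hunk), a short comment next to the assignment saying so would record why the escaping is needed.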
@@ -61,7 +61,7 @@ try { <!-- AuthenticationRequest Consumer endpoint --> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" - Location="' . $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted') . '" + Location="' . htmlspecialchars($metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted')) . '" index="0" isDefault="true" /> -- GitLab