XSS fix for metaedit module

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2236 44740490-163a-0410-bde0-09ae8108e29a

XSS fix for metaedit module
76bdd7b3 · Andreas Åkre Solberg · 0bad3640 · 76bdd7b3
Commit 76bdd7b3 authored 15 years ago by Andreas Åkre Solberg
--- a/modules/metaedit/templates/metalist.php
+++ b/modules/metaedit/templates/metalist.php
@@ -21,8 +21,8 @@ $i = 0; $rows = array('odd', 'even');
 foreach($this->data['metadata']['mine'] AS $md ) {
 	$i++; 
 	echo('<tr class="' . $rows[$i % 2] . '">
-		<td>' . $md['name'] . '</td>
-		<td><tt>' . $md['entityid'] . '</tt></td>
+		<td>' . htmlspecialchars($md['name']) . '</td>
+		<td><tt>' . htmlspecialchars($md['entityid']) . '</tt></td>
 		<td>
 			<a href="edit.php?entityid=' . urlencode($md['entityid']) . '">edit</a>
 			<a href="index.php?delete=' . urlencode($md['entityid']) . '">delete</a>
@@ -41,9 +41,9 @@ $i = 0; $rows = array('odd', 'even');
 foreach($this->data['metadata']['others'] AS $md ) {
 	$i++; 
 	echo('<tr class="' . $rows[$i % 2] . '">
-		<td>' . $md['name'] . '</td>
-		<td><tt>' . $md['entityid'] . '</tt></td>
-		<td>' . (isset($md['owner']) ? $md['owner'] : 'No owner') . '
+		<td>' . htmlspecialchars($md['name']) . '</td>
+		<td><tt>' . htmlspecialchars($md['entityid']) . '</tt></td>
+		<td>' . (isset($md['owner']) ? htmlspecialchars($md['owner']) : 'No owner') . '
 		</td></tr>');
 }
 if ($i == 0) {