metaedit: Fix cross-site scripting.

metaedit fails to validate the userid. If a malicious user is able to make another user log in as that user id, he will be able to run scripts in the domain of the site. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2442 44740490-163a-0410-bde0-09ae8108e29a

metaedit: Fix cross-site scripting.
metaedit fails to validate the userid. If a malicious user is able to make another user log in as that user id, he will be able to run scripts in the domain of the site. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2442 44740490-163a-0410-bde0-09ae8108e29a
88e1f09d · Olav Morken · 6828a781 · 88e1f09d
Commit 88e1f09d authored 14 years ago by Olav Morken
--- a/modules/metaedit/templates/metalist.php
+++ b/modules/metaedit/templates/metalist.php
@@ -13,7 +13,7 @@ $this->includeAtTemplateBase('includes/header.php');
 echo('<h1>Metadata Registry</h1>');
-echo('<p>Here you can register new SAML entities. You are successfully logged in as ' . $this->data['userid'] . '</p>');
+echo('<p>Here you can register new SAML entities. You are successfully logged in as ' . htmlspecialchars($this->data['userid']) . '</p>');
 echo('<h2>Your entries</h2>');
 echo('<table class="metalist" style="width: 100%">');