From 8b246e50878665605d4787ff62b0d44e60dbf6ad Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 29 Jul 2010 10:41:12 +0000
Subject: [PATCH] authX509: Fix cross-site scripting.

Fixes a potential cross-site scripting vulnerability on the error page.
Fortuitously, a different bug prevents us from ever reaching this page,
so this bug cannot be exploited.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2436 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/authX509/templates/X509error.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/authX509/templates/X509error.php b/modules/authX509/templates/X509error.php
index cded8b864..00168ba01 100644
--- a/modules/authX509/templates/X509error.php
+++ b/modules/authX509/templates/X509error.php
@@ -21,7 +21,7 @@ if ($this->data['errorcode'] !== NULL) {
 
 	<p><?php echo $this->t('{authX509:X509error:certificate_text}'); ?></p>
 
-	<a href="<?php echo SimpleSAML_Utilities::selfURL(); ?>">
+	<a href="<?php echo htmlspecialchars(SimpleSAML_Utilities::selfURL()); ?>">
 		<?php echo $this->t('{login:login_button}'); ?>
 	</a>
 
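Review bot: The added `htmlspecialchars()` call on the `href` line relies on PHP's default flags and charset, both of which have changed between PHP versions. Where the default is ENT_COMPAT, single quotes are left unescaped, so the output is only safe while the attribute stays double-quoted. Passing them explicitly, `htmlspecialchars(SimpleSAML_Utilities::selfURL(), ENT_QUOTES, 'UTF-8')`, makes the escaping independent of the runtime and of later markup changes. The commit message says this page is currently unreachable because of a different bug, and the rest of the template lies outside the hunk. Its other `echo` sites should be checked for unescaped values before that bug is fixed and the page becomes reachable.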
-- 
GitLab