Commit 8d04da7d authored by Olav Morken

openidProvider: Fix cross-site scripting.

If someone is able to perform a session fixation attack on the
openidProvider host, he can then make users execute scripts in that
domain.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2445 44740490-163a-0410-bde0-09ae8108e29a
parent eb113f86
...@@ -10,7 +10,7 @@ $params = array( ...@@ -10,7 +10,7 @@ $params = array(
echo('<p>' . $this->t('{openidProvider:openidProvider:confirm_question}', $params) . '</p>'); echo('<p>' . $this->t('{openidProvider:openidProvider:confirm_question}', $params) . '</p>');
?> ?>
<form method="post" action="?"> <form method="post" action="?">
<input type="hidden" name="StateID" value="<?php echo $this->data['StateID']; ?>" /> <input type="hidden" name="StateID" value="<?php echo htmlspecialchars($this->data['StateID']); ?>" />
<input type="checkbox" name="TrustRemember" value="on" id="remember" /> <input type="checkbox" name="TrustRemember" value="on" id="remember" />
<label for="TrustRemember"><?php echo($this->t('{openidProvider:openidProvider:remember}')); ?></label> <label for="TrustRemember"><?php echo($this->t('{openidProvider:openidProvider:remember}')); ?></label>
......
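Review bot: on the StateID line, htmlspecialchars() is called with its default flags and charset. The value lands in a double-quoted attribute, so the default does escape the delimiter, but passing ENT_QUOTES and an explicit 'UTF-8' would keep the output safe if the attribute quoting ever changes or the default charset differs from the page encoding. The unchanged context line that echoes $this->t('{openidProvider:openidProvider:confirm_question}', $params) inside the <p> element is still written out unescaped; if any entry of $params can be influenced through the same state, it needs the same escaping, so it is worth confirming where those values come from. Separately, <label for="TrustRemember"> does not match the checkbox's id="remember", so the label is not associated with the input.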