templates - post: Escape data sent with HTTP-POST requests.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@111 44740490-163a-0410-bde0-09ae8108e29a

templates - post: Escape data sent with HTTP-POST requests.
aeb46206 · Olav Morken · 0863e328 · aeb46206
Commit aeb46206 authored 17 years ago by Olav Morken
--- a/templates/default/en/post.php
+++ b/templates/default/en/post.php
@@ -11,9 +11,9 @@
 		<p><strong>Note:</strong> Since your browser does not support JavaScript, you must press the button below once to proceed.</p> 
 	</noscript> 
 	
-	<form method="post" action="<?php echo $data['destination']; ?>">
-		<input type="hidden" name="SAMLResponse" value="<?php echo $data['response']; ?>" />
-		<input type="hidden" name="<?php echo $data['RelayStateName']; ?>" value="<?php echo $data['RelayState']; ?>">
+	<form method="post" action="<?php echo htmlspecialchars($data['destination']); ?>">
+		<input type="hidden" name="SAMLResponse" value="<?php echo htmlspecialchars($data['response']); ?>" />
+		<input type="hidden" name="<?php echo htmlspecialchars($data['RelayStateName']); ?>" value="<?php echo htmlspecialchars($data['RelayState']); ?>">
 		
 		<noscript>
 			<input type="submit" value="Submit the response to the service" />