From bae29de9a2db0f158de1009cfc05fbf65d8c416f Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 13 Dec 2007 15:01:34 +0000
Subject: [PATCH] login-template: Escape variables added to output.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@99 44740490-163a-0410-bde0-09ae8108e29a
---
 templates/default/en/login.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/default/en/login.php b/templates/default/en/login.php
index 334568122..410a69325 100644
--- a/templates/default/en/login.php
+++ b/templates/default/en/login.php
@@ -30,11 +30,11 @@
 				<td style="padding: .3em;">Username</td>
 				<td><input type="text" tabindex="1" name="username" 
 					<?php if (isset($data['username'])) {
-						echo 'value="' . $data['username'] . '"';
+						echo 'value="' . htmlspecialchars($data['username']) . '"';
 					} ?> /></td>
 				<td style="padding: .4em; rowspan="2">
 					<input type="submit" tabindex="3" value="Login" />
-					<input type="hidden" name="RelayState" value="<?php echo $data['relaystate']; ?>" />
+					<input type="hidden" name="RelayState" value="<?php echo htmlspecialchars($data['relaystate']); ?>" />
 				</td>
 			</tr>
 			<tr>
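Review bot: Both new `htmlspecialchars()` calls rely on the function's default flags and charset, so the escaping holds only while these attributes stay double-quoted and the PHP default encoding matches the page. Passing them explicitly, e.g. `htmlspecialchars($data['username'], ENT_QUOTES, 'UTF-8')` and the same for `$data['relaystate']`, keeps the output escaped regardless of quote style or PHP version; `'UTF-8'` is an assumption, since the page encoding is not visible in this hunk. Separately, the RelayState line reads `$data['relaystate']` without the `isset()` guard used for the username, so a missing key raises a notice inside the attribute value. The surrounding table markup starts and ends outside the hunk.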
-- 
GitLab