openid: Fix cross-site scripting.

Can be exploited by a malicious openid provider to execute scripts on the host using openid. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2444 44740490-163a-0410-bde0-09ae8108e29a

openid: Fix cross-site scripting.
Can be exploited by a malicious openid provider to execute scripts on the host using openid. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2444 44740490-163a-0410-bde0-09ae8108e29a
eb113f86 · Olav Morken · 08e6f797 · eb113f86
Commit eb113f86 authored 14 years ago by Olav Morken
--- a/modules/openid/templates/consumer.php
+++ b/modules/openid/templates/consumer.php
@@ -50,7 +50,7 @@ div.error {
 			Identity&nbsp;URL:
 			<input type="hidden" name="action" value="verify" />
 			<input id="openid-identifier" class="openid-identifier" type="text" name="openid_url" value="http://" />
-			<input type="hidden" name="AuthState" value="<?php echo $this->data['AuthState']; ?>" />
+			<input type="hidden" name="AuthState" value="<?php echo htmlspecialchars($this->data['AuthState']); ?>" />
 			<input type="submit" value="Login with OpenID" />
 		</fieldset>
 	</form>