diff --git a/lib/SimpleSAML/XML/SAML20/LogoutResponse.php b/lib/SimpleSAML/XML/SAML20/LogoutResponse.php index d80bf35f0f951656e7d5f7fd5601c0d051f35f2a..f209333c554990c870196ce4cb86eb79d25a3e8c 100644 --- a/lib/SimpleSAML/XML/SAML20/LogoutResponse.php +++ b/lib/SimpleSAML/XML/SAML20/LogoutResponse.php @@ -114,7 +114,7 @@ class SimpleSAML_XML_SAML20_LogoutResponse { $destination = $receivermd['SingleLogoutService']; $samlResponse = '<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" -ID="_' . $id . '" Version="2.0" IssueInstant="' . $issueInstant . '" Destination="'. $destination. '" InResponseTo="' . $inresponseto . '"> +ID="_' . $id . '" Version="2.0" IssueInstant="' . $issueInstant . '" Destination="'. $destination. '" InResponseTo="' . htmlspecialchars($inresponseto) . '"> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . $issuer . '</saml:Issuer> <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <samlp:StatusCode xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"