From ed20e5819fa9a77eea24b2ea999355f852a4c74e Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 17 Dec 2007 14:55:24 +0000
Subject: [PATCH] SAML2:LogoutResponse - Escape InResponseTo value in response
 data.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@117 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/XML/SAML20/LogoutResponse.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/XML/SAML20/LogoutResponse.php b/lib/SimpleSAML/XML/SAML20/LogoutResponse.php
index d80bf35f0..f209333c5 100644
--- a/lib/SimpleSAML/XML/SAML20/LogoutResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/LogoutResponse.php
@@ -114,7 +114,7 @@ class SimpleSAML_XML_SAML20_LogoutResponse {
 		$destination = $receivermd['SingleLogoutService'];
 		
 		$samlResponse = '<samlp:LogoutResponse  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-ID="_' . $id . '" Version="2.0" IssueInstant="' . $issueInstant . '" Destination="'. $destination. '" InResponseTo="' . $inresponseto . '">
+ID="_' . $id . '" Version="2.0" IssueInstant="' . $issueInstant . '" Destination="'. $destination. '" InResponseTo="' . htmlspecialchars($inresponseto) . '">
 <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' . $issuer . '</saml:Issuer>
 <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
 <samlp:StatusCode  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
-- 
GitLab