From effce8abd8888501bb881912c9d8b1330d05a932 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 24 Jan 2008 12:24:15 +0000
Subject: [PATCH] SAML2:SP:Metadata: Escape XML in metadata.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@192 44740490-163a-0410-bde0-09ae8108e29a
---
 www/saml2/sp/metadata.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index e432bbf78..d53cd801e 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -23,7 +23,7 @@ try {
 */
 $metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<EntityDescriptor entityID="' . $spentityid . '" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 <SPSSODescriptor
 AuthnRequestsSigned="false"
@@ -32,7 +32,7 @@ try {
 <SingleLogoutService
 Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
- Location="' . $metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted') . '"/>
+ Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . '"/>
 <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
@@ -40,7 +40,7 @@ try {
 index="0"
 isDefault="true"
 Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
- Location="' . $metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted') . '" />
+ Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . '" />
 </SPSSODescriptor>
-- 
GitLab
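Review bot: The three new `htmlspecialchars()` calls (the `entityID` attribute in the first hunk and the two `Location` attributes in the hunks at -32 and -40) rely on the function's default flags and charset, and both defaults differ between PHP versions. The attributes are double-quoted, so the default quoting mode does cover them, but the document declares `encoding="UTF-8"`, and where the defaults do not include `ENT_SUBSTITUTE` an invalid byte sequence makes the call return an empty string, so the metadata would be emitted with an empty `entityID` or `Location` rather than failing visibly. I would state the context explicitly, e.g. `htmlspecialchars($spentityid, ENT_QUOTES, 'UTF-8')`, ideally through one small helper so the three call sites cannot drift apart. The `$metaxml` string literal begins and ends outside these hunks, so any other value interpolated into it should be checked for the same escaping.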