From effce8abd8888501bb881912c9d8b1330d05a932 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 24 Jan 2008 12:24:15 +0000
Subject: [PATCH] SAML2:SP:Metadata: Escape XML in metadata.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@192 44740490-163a-0410-bde0-09ae8108e29a
---
 www/saml2/sp/metadata.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/www/saml2/sp/metadata.php b/www/saml2/sp/metadata.php
index e432bbf78..d53cd801e 100644
--- a/www/saml2/sp/metadata.php
+++ b/www/saml2/sp/metadata.php
@@ -23,7 +23,7 @@ try {
 	*/
 	
 	$metaxml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<EntityDescriptor entityID="' . $spentityid . '" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+<EntityDescriptor entityID="' . htmlspecialchars($spentityid) . '" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
 
 	<SPSSODescriptor 
 		AuthnRequestsSigned="false" 
@@ -32,7 +32,7 @@ try {
 
 		<SingleLogoutService 
 			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" 
-			Location="' . $metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted') . '"/>
+			Location="' . htmlspecialchars($metadata->getGenerated('SingleLogoutService', 'saml20-sp-hosted')) . '"/>
 		
 		<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
 		
@@ -40,7 +40,7 @@ try {
 			index="0" 
 			isDefault="true" 
 			Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
-			Location="' . $metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted') . '" />
+			Location="' . htmlspecialchars($metadata->getGenerated('AssertionConsumerService', 'saml20-sp-hosted')) . '" />
 
 	</SPSSODescriptor>
 
-- 
GitLab