diff options
| -rw-r--r-- | Auth/OpenID/Message.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/Auth/OpenID/Message.php b/Auth/OpenID/Message.php index 9aa1fa4..16ec1c1 100644 --- a/Auth/OpenID/Message.php +++ b/Auth/OpenID/Message.php @@ -675,7 +675,7 @@ class Auth_OpenID_Message { if ($form_tag_attrs) { foreach ($form_tag_attrs as $name => $attr) { - $form .= sprintf(" %s=\"%s\"", $name, $attr); + $form .= sprintf(" %s=\"%s\"", $name, htmlspecialchars($attr)); } } @@ -684,11 +684,11 @@ class Auth_OpenID_Message { foreach ($this->toPostArgs() as $name => $value) { $form .= sprintf( "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n", - $name, $value); + htmlspecialchars($name), htmlspecialchars($value)); } $form .= sprintf("<input type=\"submit\" value=\"%s\" />\n", - $submit_text); + htmlspecialchars($submit_text)); $form .= "</form>\n"; |