-rw-r--r-- | Auth/OpenID/Message.php | 6 | ||||
-rw-r--r-- | examples/server/lib/actions.php | 10 | ||||
-rw-r--r-- | examples/server/lib/common.php | 6 | ||||
-rw-r--r-- | examples/server/lib/session.php | 4 | ||||
-rw-r--r-- | examples/server/setup.php | 8 |
5 files changed, 17 insertions, 17 deletions
diff --git a/Auth/OpenID/Message.php b/Auth/OpenID/Message.php index 9a5b20d..16ec1c1 100644 --- a/Auth/OpenID/Message.php +++ b/Auth/OpenID/Message.php @@ -675,7 +675,7 @@ class Auth_OpenID_Message { if ($form_tag_attrs) { foreach ($form_tag_attrs as $name => $attr) { - $form .= sprintf(" %s=\"%s\"", $name, $attr); + $form .= sprintf(" %s=\"%s\"", $name, htmlspecialchars($attr)); } } @@ -684,11 +684,11 @@ class Auth_OpenID_Message { foreach ($this->toPostArgs() as $name => $value) { $form .= sprintf( "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n", - $name, urldecode($value)); + htmlspecialchars($name), htmlspecialchars($value)); } $form .= sprintf("<input type=\"submit\" value=\"%s\" />\n", - $submit_text); + htmlspecialchars($submit_text)); $form .= "</form>\n"; diff --git a/examples/server/lib/actions.php b/examples/server/lib/actions.php index 50dc19a..c87bf7b 100644 --- a/examples/server/lib/actions.php +++ b/examples/server/lib/actions.php @@ -18,7 +18,7 @@ function action_default() { header('X-XRDS-Location: '.buildURL('idpXrds')); - $server =& getServer(); + $server = getServer(); $method = $_SERVER['REQUEST_METHOD']; $request = null; if ($method == 'GET') { @@ -41,7 +41,7 @@ function action_default() if ($request->idSelect()) { // Perform IDP-driven identifier selection if ($request->mode == 'checkid_immediate') { - $response =& $request->answer(false); + $response = $request->answer(false); } else { return trust_render($request); } @@ -51,7 +51,7 @@ function action_default() // so. return noIdentifier_render(); } else if ($request->immediate) { - $response =& $request->answer(false, buildURL()); + $response = $request->answer(false, buildURL()); } else { if (!getLoggedInUser()) { return login_render(); 
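Review bot: The attribute name `$name` is still written into the `<form>` tag unescaped in the `foreach ($form_tag_attrs as $name => $attr)` loop; only the value now goes through `htmlspecialchars()`. Whether the keys of `$form_tag_attrs` can ever derive from request data is not visible here, but escaping alone would not constrain a name containing spaces or `=`, so the loop should skip or reject names that fail an allow-list check such as `preg_match('/^[A-Za-z][A-Za-z0-9_:.-]*$/', $name)`. The enclosing method starts and ends outside the hunk.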
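Review bot: `htmlspecialchars($value)` in the hidden-input loop relies on the default flags and charset, so the escaping depends on the PHP version the library runs on. On versions where the default charset is UTF-8, the function returns an empty string for input that is not valid in that charset; the field would then be posted empty and the message would likely fail verification at the receiver, with no error raised here. Passing the arguments explicitly, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`, and treating an empty result for a non-empty input as an error would make this deterministic and visible. The same applies to `$name` and `$submit_text` in this hunk and to `$attr` in the previous one; the method body continues outside the hunk.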
@@ -59,10 +59,10 @@ function action_default() return trust_render($request); } } else { - $response =& $server->handleRequest($request); + $response = $server->handleRequest($request); } - $webresponse =& $server->encodeResponse($response); + $webresponse = $server->encodeResponse($response); if ($webresponse->code != AUTH_OPENID_HTTP_OK) { header(sprintf("HTTP/1.1 %d ", $webresponse->code), diff --git a/examples/server/lib/common.php b/examples/server/lib/common.php index 80d05f5..aa4f067 100644 --- a/examples/server/lib/common.php +++ b/examples/server/lib/common.php @@ -50,8 +50,8 @@ function doAuth($info, $trusted=null, $fail_cancels=false, if ($trusted) { setRequestInfo(); - $server =& getServer(); - $response =& $info->answer(true, null, $req_url); + $server = getServer(); + $response = $info->answer(true, null, $req_url); // Answer with some sample Simple Registration data. $sreg_data = array( @@ -76,7 +76,7 @@ function doAuth($info, $trusted=null, $fail_cancels=false, $sreg_response->toMessage($response->fields); // Generate a response to send to the user agent. - $webresponse =& $server->encodeResponse($response); + $webresponse = $server->encodeResponse($response); $new_headers = array(); diff --git a/examples/server/lib/session.php b/examples/server/lib/session.php index 201b6ee..5719b4b 100644 --- a/examples/server/lib/session.php +++ b/examples/server/lib/session.php @@ -82,8 +82,8 @@ function getServer() { static $server = null; if (!isset($server)) { - $server =& new Auth_OpenID_Server(getOpenIDStore(), - buildURL()); + $server = new Auth_OpenID_Server(getOpenIDStore(), + buildURL()); } return $server; } diff --git a/examples/server/setup.php b/examples/server/setup.php index 0a42bff..08af4d3 100644 --- a/examples/server/setup.php +++ b/examples/server/setup.php 
@@ -498,7 +498,7 @@ function getOpenIDStore() 'hostspec' => '<?php print $_SESSION['store_data']['host']; ?>' ); - $db =& DB::connect($dsn); + $db = DB::connect($dsn); if (PEAR::isError($db)) { return null; @@ -506,7 +506,7 @@ function getOpenIDStore() $db->query("USE <?php print $_SESSION['store_data']['database']; ?>"); - $s =& new Auth_OpenID_MySQLStore($db); + $s = new Auth_OpenID_MySQLStore($db); $s->createTables(); @@ -527,13 +527,13 @@ function getOpenIDStore() 'database' => '<?php print $_SESSION['store_data']['database']; ?>' ); - $db =& DB::connect($dsn); + $db = DB::connect($dsn); if (PEAR::isError($db)) { return null; } - $s =& new Auth_OpenID_PostgreSQLStore($db); + $s = new Auth_OpenID_PostgreSQLStore($db); $s->createTables(); |
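Review bot: The store code generated in `getOpenIDStore()` embeds `$_SESSION['store_data']` values verbatim, both inside single-quoted PHP literals (`'hostspec' => '<?php print ... ?>'`) and in the `USE <?php print ...['database']; ?>` statement. These values presumably come from the setup form, and nothing visible escapes or validates them, so a value containing a quote would produce broken or unintended PHP or SQL in the written configuration. Emitting each value as a PHP literal, e.g. `'hostspec' => <?php var_export($_SESSION['store_data']['host']); ?>`, and checking the database name against an identifier pattern before it reaches `USE` would address this. The point applies to all three hunks in this file; the function starts and ends outside them.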