summaryrefslogtreecommitdiffstats
path: root/Auth
diff options
context:
space:
mode:
Diffstat (limited to 'Auth')
-rw-r--r--Auth/OpenID/Message.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/Auth/OpenID/Message.php b/Auth/OpenID/Message.php
index 9a5b20d..16ec1c1 100644
--- a/Auth/OpenID/Message.php
+++ b/Auth/OpenID/Message.php
@@ -675,7 +675,7 @@ class Auth_OpenID_Message {
if ($form_tag_attrs) {
foreach ($form_tag_attrs as $name => $attr) {
- $form .= sprintf(" %s=\"%s\"", $name, $attr);
+ $form .= sprintf(" %s=\"%s\"", $name, htmlspecialchars($attr));
}
}
@@ -684,11 +684,11 @@ class Auth_OpenID_Message {
foreach ($this->toPostArgs() as $name => $value) {
$form .= sprintf(
"<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n",
- $name, urldecode($value));
+ htmlspecialchars($name), htmlspecialchars($value));
}
$form .= sprintf("<input type=\"submit\" value=\"%s\" />\n",
- $submit_text);
+ htmlspecialchars($submit_text));
$form .= "</form>\n";
generated by cgit v1.1 at 2025-05-10 20:01:49 +0000