author | Olav Morken <olav.morken@uninett.no> | 2008-01-24 11:53:29 +0000 |
---|---|---|
committer | Olav Morken <olav.morken@uninett.no> | 2008-01-24 11:53:29 +0000 |
commit | 6aec71b95fa7299478a903b181a7667f2e34d29a (patch) | |
tree | d974a02a124d7e92cdf9ca3187b8ddfd10b580df /lib/SimpleSAML/XML/Shib13/AuthnResponse.php | |
parent | b89be020316027e66ca58eb5224ae3cb95560260 (diff) | |
Shib13:AuthnResponse: Escape data in xml output.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@189 44740490-163a-0410-bde0-09ae8108e29a
Diffstat (limited to 'lib/SimpleSAML/XML/Shib13/AuthnResponse.php')
-rw-r--r-- | lib/SimpleSAML/XML/Shib13/AuthnResponse.php | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php index c48d58c..7ad1074 100644 --- a/lib/SimpleSAML/XML/Shib13/AuthnResponse.php +++ b/lib/SimpleSAML/XML/Shib13/AuthnResponse.php @@ -398,8 +398,8 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { $encodedattributes .= '<AttributeStatement> <Subject> - <NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="' . $spnamequalifier . '" - >' . $nameid . '</NameIdentifier> + <NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="' . htmlspecialchars($spnamequalifier) . '" + >' . htmlspecialchars($nameid) . '</NameIdentifier> </Subject>'; foreach ($attributes AS $name => $value) { @@ -419,7 +419,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="' . $issueInstant. '" MajorVersion="1" MinorVersion="1" - Recipient="' . $shire . '" + Recipient="' . htmlspecialchars($shire) . '" ResponseID="' . $id . '"> <Status> 
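Review bot: The `htmlspecialchars()` calls added here for `$spnamequalifier` and `$nameid` (and in the later hunks for `$shire`, `$issuer`, `$audience` and `$name`) rely on the function's default flags and charset, which differ between PHP versions, so the escaping behaviour of this assertion is decided by the runtime rather than by the code. With the older `ENT_COMPAT` default a single quote passes through unescaped, which is harmless only while every attribute in the template stays double-quoted. I would pin both arguments, e.g. `htmlspecialchars($nameid, ENT_QUOTES, 'UTF-8')`, ideally behind one small private helper used at every call site. Note also that `htmlspecialchars()` does not remove characters that are illegal in XML 1.0 (most control characters), so such input can still yield a document that is not well-formed. The enclosing method starts and ends outside the hunk.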
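Review bot: `$issueInstant` and `$id` are still concatenated raw into the `IssueInstant` and `ResponseID` attributes of the Response element, right next to the now-escaped `Recipient`, and the hunk at -429 leaves `$assertionid` and `$assertionExpire` in the same state. These are presumably timestamps and identifiers generated locally, but that cannot be confirmed from the hunk, since the method begins and ends outside it. Either escape them like the other values, e.g. `htmlspecialchars($id)`, or add a comment where they are assigned such as `// generated locally, never taken from the request: contains no XML metacharacters`, so the next reader does not have to re-audit the template.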
@@ -429,17 +429,17 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { </Status> <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="' . $assertionid . '" IssueInstant="' . $issueInstant. '" - Issuer="' . $issuer . '" MajorVersion="1" MinorVersion="1"> + Issuer="' . htmlspecialchars($issuer) . '" MajorVersion="1" MinorVersion="1"> <Conditions NotBefore="' . $issueInstant. '" NotOnOrAfter="'. $assertionExpire . '"> <AudienceRestrictionCondition> - <Audience>' . $audience . '</Audience> + <Audience>' . htmlspecialchars($audience) . '</Audience> </AudienceRestrictionCondition> </Conditions> <AuthenticationStatement AuthenticationInstant="' . $issueInstant. '" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"> <Subject> - <NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="' . $spnamequalifier . '" - >' . $nameid . '</NameIdentifier> + <NameIdentifier Format="urn:mace:shibboleth:1.0:nameIdentifier" NameQualifier="' . htmlspecialchars($spnamequalifier) . '" + >' . htmlspecialchars($nameid) . '</NameIdentifier> <SubjectConfirmation> <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</ConfirmationMethod> </SubjectConfirmation> @@ -458,7 +458,7 @@ class SimpleSAML_XML_Shib13_AuthnResponse extends SimpleSAML_XML_AuthnResponse { private function enc_attribute($name, $value, $base64 = false) { - return '<Attribute AttributeName="' . $name . '" + return '<Attribute AttributeName="' . htmlspecialchars($name) . '" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"> <AttributeValue>' . ($base64 ? base64_encode($value) : htmlspecialchars($value) ) . '</AttributeValue> </Attribute>'; |
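Review bot: The `NameIdentifier` fragment patched in the `AuthenticationStatement` subject is the same text as the one patched in the `AttributeStatement` subject in the hunk at -398, so the escaping now has to be kept in sync by hand in two places. If both templates live in the same method, as the line numbers suggest, assign the escaped fragment once to a local such as `$nameIdXml` and interpolate that in both templates. Longer term, generating the response with DOMDocument instead of string concatenation would make the escaping structural rather than a per-value convention. The method body continues outside the hunk.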
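Review bot: `enc_attribute()` now has two output paths with different safety arguments, and nothing in the hunk documents either. The plain path depends on `htmlspecialchars()` for both `$name` and `$value`, while the `$base64` path is safe only because the base64 alphabet contains no XML metacharacters. A short docblock would record that contract, for example `Returns an Attribute element; $name and $value are XML-escaped, or $value is base64-encoded when $base64 is true.` Any docblock above the signature is outside the hunk, so part of this may already exist.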