Updating Janrain OpenID auth library

[quix0rs-gnu-social.git] / extlib / Auth / OpenID / Message.php

diff --git a/extlib/Auth/OpenID/Message.php b/extlib/Auth/OpenID/Message.php
index 9aa1fa4684ad71c1ed83602a413cb9b7e8ece43d..16ec1c1db4c9469f2ba9810d62f2b516d150b946 100644 (file)
--- a/extlib/Auth/OpenID/Message.php
+++ b/extlib/Auth/OpenID/Message.php
@@ -675,7 +675,7 @@ class Auth_OpenID_Message {
 
         if ($form_tag_attrs) {
             foreach ($form_tag_attrs as $name => $attr) {
-                $form .= sprintf(" %s=\"%s\"", $name, $attr);
+                $form .= sprintf(" %s=\"%s\"", $name, htmlspecialchars($attr));
             }
         }
 
@@ -684,11 +684,11 @@ class Auth_OpenID_Message {
         foreach ($this->toPostArgs() as $name => $value) {
             $form .= sprintf(
                         "<input type=\"hidden\" name=\"%s\" value=\"%s\" />\n",
-                        $name, $value);
+                        htmlspecialchars($name), htmlspecialchars($value));
         }
 
         $form .= sprintf("<input type=\"submit\" value=\"%s\" />\n",
-                         $submit_text);
+                         htmlspecialchars($submit_text));
 
         $form .= "</form>\n";