fixup &

darcs-hash:20080617152051-84dde-bc311c05a6cb15cdc5ac52f56964fa98f42f3927.gz

diff --git a/actions/openidlogin.php b/actions/openidlogin.php
index a9fbf7a26dda7b6813f3a86bdc5a0c6fbfa6464e..5d0537998d9c366b3471d489d37cc5e989147809 100644 (file)
--- a/actions/openidlogin.php
+++ b/actions/openidlogin.php
@@ -113,7 +113,12 @@ class OpenidloginAction extends Action {
                        $form_id = 'openid_message';
                        $form_html = $auth_request->formMarkup($trust_root, $process_url,
                                                                                                   false, array('id' => $form_id));
-
+                       
+                       # XXX: This is cheap, but things choke if we don't escape ampersands
+                       # in the HTML attributes
+                       
+                       $form_html = preg_replace('/&/', '&', $form_html);
+                       
                        // Display an error if the form markup couldn't be generated;
                        // otherwise, render the HTML.
                        if (Auth_OpenID::isFailure($form_html)) {