Merge pull request #258 from LukasReschke/escape-error-messages

pitbulk · web-flow · commit 4e85c6929696 · 2017-09-28T15:17:27.000+02:00
Escape error messages in debug mode
diff --git a/lib/Saml2/LogoutRequest.php b/lib/Saml2/LogoutRequest.php
@@ -380,7 +380,7 @@ public function isValid($retrieveParametersFromServer = false)
             $this->_error = $e->getMessage();
             $debug = $this->_settings->isDebugActive();
             if ($debug) {
-                echo $this->_error;
+                echo htmlentities($this->_error);
             }
             return false;
         }
diff --git a/lib/Saml2/LogoutResponse.php b/lib/Saml2/LogoutResponse.php
@@ -188,7 +188,7 @@ public function isValid($requestId = null, $retrieveParametersFromServer = false
             $this->_error = $e->getMessage();
             $debug = $this->_settings->isDebugActive();
             if ($debug) {
-                echo $this->_error;
+                echo htmlentities($this->_error);
             }
             return false;
         }
diff --git a/lib/Saml2/Response.php b/lib/Saml2/Response.php
@@ -402,7 +402,7 @@ public function isValid($requestId = null)
             $this->_error = $e->getMessage();
             $debug = $this->_settings->isDebugActive();
             if ($debug) {
-                echo $this->_error;
+                echo htmlentities($this->_error);
             }
             return false;
         }
diff --git a/lib/Saml2/Utils.php b/lib/Saml2/Utils.php
@@ -134,7 +134,7 @@ public static function validateXML($xml, $schema, $debug = false)
 
             if ($debug) {
                 foreach ($xmlErrors as $error) {
-                    echo $error->message."\n";
+                    echo htmlentities($error->message."\n");
                 }
             }
 

Original file line number	Diff line number	Diff line change
`@@ -380,7 +380,7 @@ public function isValid($retrieveParametersFromServer = false)`
`380`	`380`	`$this->_error = $e->getMessage();`
`381`	`381`	`$debug = $this->_settings->isDebugActive();`
`382`	`382`	`if ($debug) {`
`383`		`- echo $this->_error;`
	`383`	`+ echo htmlentities($this->_error);`
`384`	`384`	`}`
`385`	`385`	`return false;`
`386`	`386`	`}`
Original file line number	Diff line number	Diff line change
`@@ -188,7 +188,7 @@ public function isValid($requestId = null, $retrieveParametersFromServer = false`
`188`	`188`	`$this->_error = $e->getMessage();`
`189`	`189`	`$debug = $this->_settings->isDebugActive();`
`190`	`190`	`if ($debug) {`
`191`		`- echo $this->_error;`
	`191`	`+ echo htmlentities($this->_error);`
`192`	`192`	`}`
`193`	`193`	`return false;`
`194`	`194`	`}`
Original file line number	Diff line number	Diff line change
`@@ -402,7 +402,7 @@ public function isValid($requestId = null)`
`402`	`402`	`$this->_error = $e->getMessage();`
`403`	`403`	`$debug = $this->_settings->isDebugActive();`
`404`	`404`	`if ($debug) {`
`405`		`- echo $this->_error;`
	`405`	`+ echo htmlentities($this->_error);`
`406`	`406`	`}`
`407`	`407`	`return false;`
`408`	`408`	`}`
Original file line number	Diff line number	Diff line change
`@@ -134,7 +134,7 @@ public static function validateXML($xml, $schema, $debug = false)`
`134`	`134`
`135`	`135`	`if ($debug) {`
`136`	`136`	`foreach ($xmlErrors as $error) {`
`137`		`- echo $error->message."\n";`
	`137`	`+ echo htmlentities($error->message."\n");`
`138`	`138`	`}`
`139`	`139`	`}`
`140`	`140`