summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvan Prodromou <evan@prodromou.name>2008-06-17 11:20:51 -0400
committerEvan Prodromou <evan@prodromou.name>2008-06-17 11:20:51 -0400
commit17504d018083f2a1dd2ea6a7453f0ffa5dddbc0c (patch)
treea1125f62d002d8048a07846c8a73e369edd9916c
parent00d898348b042efb6b6e443b85d1e6c801dbd3ce (diff)
fixup &
darcs-hash:20080617152051-84dde-bc311c05a6cb15cdc5ac52f56964fa98f42f3927.gz
-rw-r--r--actions/openidlogin.php7
1 files changed, 6 insertions, 1 deletions
diff --git a/actions/openidlogin.php b/actions/openidlogin.php
index a9fbf7a26..5d0537998 100644
--- a/actions/openidlogin.php
+++ b/actions/openidlogin.php
@@ -113,7 +113,12 @@ class OpenidloginAction extends Action {
$form_id = 'openid_message';
$form_html = $auth_request->formMarkup($trust_root, $process_url,
false, array('id' => $form_id));
-
+
+ # XXX: This is cheap, but things choke if we don't escape ampersands
+ # in the HTML attributes
+
+ $form_html = preg_replace('/&/', '&amp;', $form_html);
+
// Display an error if the form markup couldn't be generated;
// otherwise, render the HTML.
if (Auth_OpenID::isFailure($form_html)) {