From 17504d018083f2a1dd2ea6a7453f0ffa5dddbc0c Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Tue, 17 Jun 2008 11:20:51 -0400
Subject: fixup &

darcs-hash:20080617152051-84dde-bc311c05a6cb15cdc5ac52f56964fa98f42f3927.gz
---
 actions/openidlogin.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'actions/openidlogin.php')

diff --git a/actions/openidlogin.php b/actions/openidlogin.php
index a9fbf7a26..5d0537998 100644
--- a/actions/openidlogin.php
+++ b/actions/openidlogin.php
@@ -113,7 +113,12 @@ class OpenidloginAction extends Action {
 			$form_id = 'openid_message';
 			$form_html = $auth_request->formMarkup($trust_root, $process_url,
 												   false, array('id' => $form_id));
-
+			
+			# XXX: This is cheap, but things choke if we don't escape ampersands
+			# in the HTML attributes
+			
+			$form_html = preg_replace('/&/', '&amp;', $form_html);
+			
 			// Display an error if the form markup couldn't be generated;
 			// otherwise, render the HTML.
 			if (Auth_OpenID::isFailure($form_html)) {
-- 
cgit v1.2.3-54-g00ecf