From a90fd3d622082a74e0eab63c330102c553714a42 Mon Sep 17 00:00:00 2001
From: Martin <martin.vanes@surf.nl>
Date: Tue, 20 Jul 2021 21:56:21 +0200
Subject: [PATCH] Improve explanations

---
 .gitignore                                    | 36 +++++++++++++++++++
 .../customauth/templates/authenticate.tpl.php |  2 +-
 modules/customauth/www/authpage.php           |  5 ++-
 3 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..36c0c24
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,36 @@
+composer.json
+composer.lock
+CONTRIBUTING.md
+COPYING
+LICENSE
+package-lock.json
+package.json
+README.org
+SECURITY.md
+TESTING.md
+webpack.config.js
+attributemap/
+bin/
+cert/
+config-templates/
+config/
+dictionaries/
+docs/
+extra/
+lib/
+locales/
+log/
+metadata-templates/
+metadata/
+modules/
+phpcs.xml
+phpunit.xml
+routing/
+schemas/
+src/
+templates/
+tests/
+vendor/
+www/
+
+
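Review bot: The `modules/` pattern ignores the directory that holds the two files this same patch changes (`modules/customauth/...`), so files already tracked keep working but any new file added to the module is silently left out of commits. Git cannot re-include a path whose parent directory is excluded, so the pattern would need to be `modules/*` followed by `!modules/customauth/`. The file also has no comment explaining why project metadata such as `composer.lock`, `LICENSE` and `SECURITY.md` is ignored. Presumably the repository is an overlay on an installed SimpleSAMLphp tree, and a header line such as `# SimpleSAMLphp install tree: only the customauth module is tracked here` would make that explicit. Keeping `config/` and `cert/` ignored is worth preserving in any rewrite, since authpage.php reads its login data from the config directory.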
diff --git a/modules/customauth/templates/authenticate.tpl.php b/modules/customauth/templates/authenticate.tpl.php
index 328e80a..dad7cd1 100644
--- a/modules/customauth/templates/authenticate.tpl.php
+++ b/modules/customauth/templates/authenticate.tpl.php
@@ -99,7 +99,7 @@
         user = this.value;
         for (let key in users[user]) {
             attribute = users[user][key];
-            attributes += "<input id=chkbx_" + key + " type=checkbox name=keys[" + key + "] " + (keys[key]?'checked':'') + " value='" + users[user][key] + "'><span title=\"" + message[key] + "\">" + key + "</span><br>\n";
+            attributes += "<input id=chkbx_" + key + " type=checkbox name=keys[" + key + "] " + (keys[key]?'checked':'') + " value='" + users[user][key] + "'><span title='" + message[key] + "'>" + key + "</span><br>\n";
         };
 	$('#explanation').html(explanations[user]);
         $('#attributes').html(attributes);
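Review bot: On the changed line, `users[user][key]` is still concatenated unescaped into `value='...'`, and `key` into the unquoted `id=` and `name=` attributes and the span text. A value containing `'`, a space or `<` therefore leaves its attribute and is parsed as markup by `.html(attributes)`. The new `title='...'` delimiter is safe only while every `message[key]` has its single quotes encoded, which the `ENT_QUOTES` call added in authpage.php seems to provide if `message` is filled from `$attributes`; a comment such as `// message[] is entity-encoded server-side (ENT_QUOTES) in authpage.php` would record that dependency. Escaping every interpolated value at this one point would make the template independent of how the JSON was prepared; that means either building the elements with jQuery's `.attr()` and `.text()`, or quoting `id` and `name` and encoding the values. The loop and its enclosing handler start outside the hunk.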
diff --git a/modules/customauth/www/authpage.php b/modules/customauth/www/authpage.php
index e73f543..6487068 100644
--- a/modules/customauth/www/authpage.php
+++ b/modules/customauth/www/authpage.php
@@ -37,7 +37,10 @@ if (!preg_match('@State=(.*)@', $returnTo, $matches)) {
 
 // our list of users.
 $raw_users = json_decode(file_get_contents('/opt/simplesamlphp/config/logins.json'), true);
-$attributes = json_decode(file_get_contents('/opt/simplesamlphp/config/attributes.json'), true);
+$attr_raw = json_decode(file_get_contents('/opt/simplesamlphp/config/attributes.json'), true);
+foreach($attr_raw as $attribute => $value) {
+  $attributes[$attribute] = htmlentities($value, ENT_QUOTES);
+}
 
 $users = [];
 $explanations = [];
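Review bot: The new loop never initialises `$attributes`, and `json_decode()` returns null when attributes.json is missing or unparsable. In that case, or when the file is empty, `foreach` raises a warning or does nothing, and `$attributes` is undefined for the code that follows. Adding `$attributes = [];` before the loop and iterating `$attr_raw ?? []` would keep the page working with an empty map. The call would also be more robust as `htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because without `ENT_SUBSTITUTE` a value with an invalid byte sequence becomes an empty string. Only the values are encoded here, not the `$attribute` keys or anything in `$raw_users`, and the values now carry HTML entities into any consumer that is not an HTML attribute. A comment stating that they are pre-escaped for the template's `title` attribute would help.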
-- 
GitLab