Remove the deprecated Strings::escapeTags, as we now rely on Smarty to catch HTML tags.

This commit is contained in:
very-ape 2021-05-17 12:30:07 -07:00
parent 026767d07e
commit c6aa212ea4

View file

@ -281,21 +281,19 @@ function saml_addon_admin(&$a, &$o)
function saml_addon_admin_post(&$a) function saml_addon_admin_post(&$a)
{ {
$safeset = function ($key) { $set = function ($key) {
$val = (!empty($_POST[$key]) ? Strings::escapeTags(trim($_POST[$key])) : ''); $val = (!empty($_POST[$key]) ? trim($_POST[$key]) : '');
DI::config()->set('saml', $key, $val); DI::config()->set('saml', $key, $val);
}; };
$safeset('idp_id'); $set('idp_id');
$safeset('client_id'); $set('client_id');
$safeset('sso_url'); $set('sso_url');
$safeset('slo_request_url'); $set('slo_request_url');
$safeset('slo_response_url'); $set('slo_response_url');
$safeset('sp_key'); $set('sp_key');
$safeset('sp_cert'); $set('sp_cert');
$safeset('idp_cert'); $set('idp_cert');
$set('settings_statement');
// Not using safeset here since settings_statement is *meant* to include HTML tags.
DI::config()->set('saml', 'settings_statement', $_POST['settings_statement']);
} }
function saml_create_user($username, $email, $name) function saml_create_user($username, $email, $name)