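--- a/WebStack/Resources/OpenIDInitiation.py Sat Nov 17 00:49:08 2007 +0000
+++ b/WebStack/Resources/OpenIDInitiation.py Sat Nov 17 02:05:17 2007 +0000
@@ -22,6 +22,7 @@
 
 import WebStack.Generic
 import libxml2dom
+import cgi # for escape
 
 class OpenIDInitiationResource:
 
@@ -30,7 +31,7 @@
 encoding = "utf-8"
 openid_ns = "http://specs.openid.net/auth/2.0"
 
- def __init__(self, openid_mode=None, use_redirect=1, urlencoding=None, encoding=None):
+ def __init__(self, openid_mode=None, use_redirect=0, urlencoding=None, encoding=None):
 
 """
 Initialise the resource.
@@ -155,7 +156,7 @@
 
 trans.set_content_type(WebStack.Generic.ContentType("text/html", self.encoding))
 out = trans.get_response_stream()
- out.write(self.initiation_page % app)
+ out.write(self.initiation_page % cgi.escape(app))
 
 def show_success(self, trans, provider, app, claimed_identifier, local_identifier):
 
@@ -167,9 +168,9 @@
 
 trans.set_content_type(WebStack.Generic.ContentType("text/html", self.encoding))
 out = trans.get_response_stream()
- out.write(self.success_page % (
+ out.write(self.success_page % tuple(map(cgi.escape, (
 provider, self.openid_ns, self.openid_mode, app, claimed_identifier, local_identifier)
- )
+ )))
 
 initiation_page = """
 <html>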
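Review bot: `cgi.escape` called with one argument leaves `"` unescaped, so the escaping added in `show_success` and in `out.write(self.initiation_page % cgi.escape(app))` only covers values that end up in element content. The templates begin at the end of this section and their bodies are not visible here, but if any placeholder sits inside a quoted attribute (a form action or a hidden input value, say), a double quote in `provider`, `app` or either identifier would still terminate that attribute. Passing the quote flag closes that gap: `cgi.escape(app, True)` and `tuple([cgi.escape(v, True) for v in (provider, self.openid_ns, self.openid_mode, app, claimed_identifier, local_identifier)])`. Even then single quotes are not escaped, so the templates need to use double-quoted attributes throughout. Separately, `openid_mode` defaults to `None` in the constructor signature, and unless `__init__` (body not shown) replaces it with a string, `cgi.escape(None)` will raise where the old `%s` formatting did not.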