Fix possible xpath injection

SAML-Toolkits · Apr 29, 2015 · 9853651 · 9853651
1 parent 45f9493
commit 9853651
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/xml_security.rb b/lib/xml_security.rb
@@ -256,7 +256,7 @@ def validate_signature(base64_cert, soft = true)
       REXML::XPath.each(@sig_element, "//ds:Reference", {"ds"=>DSIG}) do |ref|
         uri = ref.attributes.get_attribute("URI").value
 
-        hashed_element = document.at_xpath("//*[@ID='#{uri[1..-1]}']")
+        hashed_element = document.at_xpath("//*[@ID=$uri]", nil, { 'uri' => uri[1..-1] })
         canon_algorithm = canon_algorithm REXML::XPath.first(
           ref,
           '//ds:CanonicalizationMethod',