X-Git-Url: https://code.citadel.org/?p=citadel.git;a=blobdiff_plain;f=citadel%2Fmodules%2Fxmpp%2Fxmpp_sasl_service.c;h=a9d73b3602b483a4cb383e459a0bbf2e377ada57;hp=8e952d2c83de3d3ec8542cb4dbd3b0eb3fb49063;hb=6a969c7e8f80199f8b8bd5d76b40eb3f53ab3ca4;hpb=8659e3ab60c4ae8dc444963266c886dad8a4c6a6

diff --git a/citadel/modules/xmpp/xmpp_sasl_service.c b/citadel/modules/xmpp/xmpp_sasl_service.c
index 8e952d2c8..a9d73b360 100644
--- a/citadel/modules/xmpp/xmpp_sasl_service.c
+++ b/citadel/modules/xmpp/xmpp_sasl_service.c
@@ -156,6 +156,7 @@ void xmpp_sasl_auth(char *sasl_auth_mech, char *authstring) {
  */
 void xmpp_non_sasl_authenticate(char *iq_id, char *username, char *password, char *resource) {
 	int result;
+	char xmlbuf[256];
 
         if (CC->logged_in) CtdlUserLogout();  /* Client may try to log in twice.  Handle this. */
 
@@ -163,13 +164,13 @@ void xmpp_non_sasl_authenticate(char *iq_id, char *username, char *password, cha
 	if (result == login_ok) {
 		result = CtdlTryPassword(password);
 		if (result == pass_ok) {
-			cprintf("<iq type=\"result\" id=\"%s\"></iq>", iq_id);	/* success */
+			cprintf("<iq type=\"result\" id=\"%s\"></iq>", xmlesc(xmlbuf, iq_id, sizeof xmlbuf));	/* success */
 			return;
 		}
 	}
 
 	/* failure */
-	cprintf("<iq type=\"error\" id=\"%s\">", iq_id);
+	cprintf("<iq type=\"error\" id=\"%s\">", xmlesc(xmlbuf, iq_id, sizeof xmlbuf));
 	cprintf("<error code=\"401\" type=\"auth\">"
 		"<not-authorized xmlns=\"urn:ietf:params:xml:ns:xmpp-stanzas\"/>"
 		"</error>"