From c6aa212ea47ee081237fadc78db87d87e25f3fb3 Mon Sep 17 00:00:00 2001
From: very-ape <git@verya.pe>
Date: Mon, 17 May 2021 12:30:07 -0700
Subject: [PATCH] Remove the deprecated Strings::escapeTags, as we now rely on
 Smarty to catch HTML tags.

---
 saml/saml.php | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/saml/saml.php b/saml/saml.php
index 4d121888..ffcdd9da 100755
--- a/saml/saml.php
+++ b/saml/saml.php
@@ -281,21 +281,19 @@ function saml_addon_admin(&$a, &$o)
 
 function saml_addon_admin_post(&$a)
 {
-	$safeset = function ($key) {
-		$val = (!empty($_POST[$key]) ? Strings::escapeTags(trim($_POST[$key])) : '');
+	$set = function ($key) {
+		$val = (!empty($_POST[$key]) ? trim($_POST[$key]) : '');
 		DI::config()->set('saml', $key, $val);
 	};
-	$safeset('idp_id');
-	$safeset('client_id');
-	$safeset('sso_url');
-	$safeset('slo_request_url');
-	$safeset('slo_response_url');
-	$safeset('sp_key');
-	$safeset('sp_cert');
-	$safeset('idp_cert');
-
-	// Not using safeset here since settings_statement is *meant* to include HTML tags.
-	DI::config()->set('saml', 'settings_statement', $_POST['settings_statement']);
+	$set('idp_id');
+	$set('client_id');
+	$set('sso_url');
+	$set('slo_request_url');
+	$set('slo_response_url');
+	$set('sp_key');
+	$set('sp_cert');
+	$set('idp_cert');
+	$set('settings_statement');
 }
 
 function saml_create_user($username, $email, $name)