From d83ba09f8e82ba91e1b61c4c51dd4b04081d6697 Mon Sep 17 00:00:00 2001
From: Shane Logsdon
Date: Mon, 2 Oct 2017 10:54:12 -0400
Subject: [PATCH] fix XSS issue with logout reason param
---
 app/Http/Controllers/Auth/AuthController.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/Http/Controllers/Auth/AuthController.php b/app/Http/Controllers/Auth/AuthController.php
index b0c3c043fc50..b5e94002d62f 100644
--- a/app/Http/Controllers/Auth/AuthController.php
+++ b/app/Http/Controllers/Auth/AuthController.php
@@ -11,6 +11,7 @@ use Auth;
 use Event;
 use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
 use Illuminate\Http\Request;
+use Lang;
 use Session;
 use Utils;
@@ -204,7 +205,8 @@ class AuthController extends Controller
 Session::flush();
- if ($reason = request()->reason) {
+ $reason = htmlentities(request()->reason);
+ if (!empty($reason) && Lang::has("texts.{$reason}_logout")) {
 Session::flash('warning', trans("texts.{$reason}_logout"));
 }
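Review bot: In the second hunk, `htmlentities()` encodes `request()->reason` at input time, before the value is used to build a translation key, so the effective protection is the `Lang::has()` existence check rather than the encoding; output escaping belongs where the flashed `warning` is rendered, and that view is not part of this patch. `request()->reason` may also arrive as an array rather than a string, which `htmlentities()` does not accept, so checking the shape first is safer: `$reason = request()->reason;` followed by `if (is_string($reason) && preg_match('/\A[a-z_]+\z/', $reason) && Lang::has("texts.{$reason}_logout")) {` (assuming logout reasons are lowercase identifiers, which should be confirmed against the language file). A one-line comment such as `// reason is user-controlled: flash it only when it maps to an existing texts.*_logout key` would record why the lookup is guarded. The enclosing method starts and ends outside the hunk.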