Merge pull request #1687 from slogsdon/#1686-fix-logout-xss

fix XSS issue with logout reason param
Hillel Coren 2017-10-02 18:14:48 +03:00 committed by GitHub
commit 2f4aa381bf


@ -11,6 +11,7 @@ use Auth;
use Event; use Event;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers; use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Lang;
use Session; use Session;
use Utils; use Utils;
@ -204,7 +205,8 @@ class AuthController extends Controller
Session::flush(); Session::flush();
if ($reason = request()->reason) { $reason = htmlentities(request()->reason);
if (!empty($reason) && Lang::has("texts.{$reason}_logout")) {
Session::flash('warning', trans("texts.{$reason}_logout")); Session::flash('warning', trans("texts.{$reason}_logout"));
} }
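Review bot: On the new `$reason = htmlentities(request()->reason);` line the encoding is applied at input time to a value that is only used to build a translation key, so the control that actually stops the reflection is the added `Lang::has()` check, which keeps `trans()` from being called with a key that has no translation. I would drop the input-side encoding and validate the shape of the parameter instead: `$reason = request()->reason;` followed by `if (is_string($reason) && preg_match('/^[a-z_]+$/', $reason) && Lang::has("texts.{$reason}_logout")) {`. The `is_string()` guard also covers a request that sends `reason` as an array, which `htmlentities()` would presumably reject with an error rather than ignore. The view that renders the `warning` flash is not visible here, so it is worth confirming that it escapes on output; the enclosing method starts and ends outside this hunk.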