Prevent cross site migration (#3594)

- php-cs-fixer applied
- Added new 'cross_migration_message'
- errors.blade.php - unescape characters

app/Http/Controllers/Migration/StepsController.php

@@ -114,6 +114,10 @@ class StepsController extends BaseController
             return redirect($this->access['auth']['redirect']);
         }
 
+        if (auth()->user()->email !== $request->email) {
+            return back()->with('responseErrors', [trans('texts.cross_migration_message')]);
+        }
+
         $authentication = (new AuthService($request->email, $request->password))
             ->endpoint(session('MIGRATION_ENDPOINT'))
             ->start();

resources/lang/en/texts.php

@@ -3535,6 +3535,7 @@ $LANG = array(
     'marked_credit_as_sent' => 'Successfully marked credit as sent',
     'email_subject_payment_partial' => 'Email Partial Payment Subject',
     'is_approved' => 'Is Approved',
+    'cross_migration_message' => 'Cross account migration is not allowed. Please read more about it here: <a href="https://invoiceninja.github.io/cross-site-migration.html">https://invoiceninja.github.io/cross-site-migration.html</a>'
 );
 
 return $LANG;

resources/views/migration/includes/errors.blade.php

@@ -1,9 +1,7 @@
 @if(session('responseErrors'))
 <div class="alert alert-danger">
-    <ul>
     @foreach(session('responseErrors') as $error)
-        <li>{{ $error }}</li>
+        <p>{!! $error !!}</p>
     @endforeach
-    </ul>
 </div>
 @endif