Cutlery/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2025-07-09 03:14:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

don't escape confirmation mail templates.

Browse Source 
This patch would fix at least a part of issue #381 and #420, if it would be applied to all necessary blade files.
This could be a security problem as user now maybe can enter malicious code? I am not smart enough to know these php internals.
This commit is contained in:
Christian González 2015-09-03 02:50:32 +02:00
parent 5bf287f51a
commit d30f14d5d3
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
resources/views/emails/confirm_text.blade.php
View File

@ -1,7 +1,7 @@
{{ trans('texts.confirmation_header') }}
{!! trans('texts.confirmation_header') !!}
{{ $invitationMessage . trans('texts.confirmation_message') }}
{!! $invitationMessage . trans('texts.confirmation_message') !!}
{!! URL::to("user/confirm/{$user->confirmation_code}") !!}
{{ trans('texts.email_signature') }}
{{ trans('texts.email_from') }}
{!! trans('texts.email_signature') !!}
{!! trans('texts.email_from') !!}