fix XSS issue with logout reason param

Shane Logsdon 2017-10-02 10:54:12 -04:00
parent b934d2cb0c
commit d83ba09f8e


@ -11,6 +11,7 @@ use Auth;
use Event; use Event;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers; use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Lang;
use Session; use Session;
use Utils; use Utils;
@ -204,7 +205,8 @@ class AuthController extends Controller
Session::flush(); Session::flush();
if ($reason = request()->reason) { $reason = htmlentities(request()->reason);
if (!empty($reason) && Lang::has("texts.{$reason}_logout")) {
Session::flash('warning', trans("texts.{$reason}_logout")); Session::flash('warning', trans("texts.{$reason}_logout"));
} }
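Review bot: On the added `$reason = htmlentities(request()->reason);` line, HTML-encoding a value that is only used to build a translation key is the wrong layer; what actually keeps an arbitrary request string out of the flash message is the new `Lang::has(...)` guard, because `trans()` returns the key itself when no translation exists. The value is also never checked to be a string, so a `reason[]=` query parameter reaches `htmlentities()` as an array and produces a warning or a TypeError depending on the PHP version. I would drop the encoding and validate the shape instead, assuming reason keys are lower-case identifiers: `$reason = request()->reason;` followed by `if (is_string($reason) && preg_match('/\A[a-z_]+\z/', $reason) && Lang::has("texts.{$reason}_logout")) {`. Output escaping belongs in the view that renders the `warning` flash, which is not visible here and is worth confirming; the enclosing method starts and ends outside this hunk.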