mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-10 05:02:36 +01:00

Merge pull request #1687 from slogsdon/#1686-fix-logout-xss

fix XSS issue with logout reason param
Hillel Coren 2017-10-02 18:14:48 +03:00 committed by GitHub
commit 2f4aa381bf


@ -11,6 +11,7 @@ use Auth;
use Event;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Illuminate\Http\Request;
use Lang;
use Session;
use Utils;
@ -204,7 +205,8 @@ class AuthController extends Controller
Session::flush();
if ($reason = request()->reason) {
$reason = htmlentities(request()->reason);
if (!empty($reason) && Lang::has("texts.{$reason}_logout")) {
Session::flash('warning', trans("texts.{$reason}_logout"));
}
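Review bot: The `htmlentities(request()->reason)` line HTML-encodes the value before it is used as a translation-key lookup, which is the wrong layer for output escaping, and it will raise on a non-string value such as a `reason[]=` array parameter. What actually keeps the raw parameter from being echoed back is the `Lang::has()` check, since `trans()` returns the key it was given when no translation exists; I would make that the explicit control by constraining the key, and leave HTML escaping to the template that renders the `warning` flash. Assuming the reason codes are plain lowercase identifiers (not confirmable from this hunk), something like `$reason = request()->reason;` followed by `if (is_string($reason) && preg_match('/\A[a-z_]+\z/', $reason) && Lang::has("texts.{$reason}_logout")) {` would also keep dots out of the key, so the parameter cannot address other entries in the translation tree. The +/- markers are lost in this rendering and the enclosing method starts and ends outside the hunk, so I am reading the `htmlentities` and `Lang::has()` lines as the new side.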