Mirrors/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-08 20:22:42 +01:00
Code Issues Releases Activity

fix XSS issue with logout reason param

Browse Source
This commit is contained in:
Shane Logsdon 2017-10-02 10:54:12 -04:00
parent b934d2cb0c
commit d83ba09f8e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Controllers/Auth/AuthController.php
View File

@ -11,6 +11,7 @@ use Auth;
use Event;
use Illuminate\Foundation\Auth\AuthenticatesAndRegistersUsers;
use Illuminate\Http\Request;
use Lang;
use Session;
use Utils;
@ -204,7 +205,8 @@ class AuthController extends Controller
Session::flush();
if ($reason = request()->reason) {
$reason = htmlentities(request()->reason);
if (!empty($reason) && Lang::has("texts.{$reason}_logout")) {
Session::flash('warning', trans("texts.{$reason}_logout"));
}