Commit 6b958498 authored by Xavier Guimard's avatar Xavier Guimard

Fix #1390 XSS for 2.0

parent 8d4f617e
......@@ -118,7 +118,15 @@ sub _buildAuthLoop {
if ( $auth and $userDB and $passwordDB ) {
# Default URL
$url = ( defined $url ? $url .= $req->env->{'REQUEST_URI'} : '#' );
if ( defined $url
and not $self->p->checkXSSAttack( 'URI',
$req->env->{'REQUEST_URI'} ) )
{
$url .= $req->env->{'REQUEST_URI'};
}
else {
$url = '#';
}
$self->logger->debug("Use URL $url");
# Options to store in the loop
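Review bot: The new guard passes the raw `REQUEST_URI` to `checkXSSAttack`, so the only protection for `$url` is a pattern filter applied to the still percent-encoded request line. The helper's body is not visible here; if it matches literal characters only, what later reaches the page may differ from what was checked. I would keep the filter but record the remaining requirement beside it, e.g. `# REQUEST_URI is client-controlled; checkXSSAttack is only a filter, $url must still be escaped where it is rendered`. The rejected case also falls through to the debug line with `$url` set to `#`; unless `checkXSSAttack` logs the rejection itself, adding `$self->logger->warn('Rejected REQUEST_URI in auth loop URL');` to the `else` branch would make it visible at normal log levels. The body of `_buildAuthLoop` starts and ends outside this hunk.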
......