Potentiel data leak in "Invalid form authenticity token" error screen (#16511).

git-svn-id: http://svn.redmine.org/redmine/trunk@13041 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5e5b297c242d5dee687bb02f310b73f1c7d72bac..b979044f82bd28932ecaf6a0ff41be7ee3fa8149 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -44,6 +44,7 @@ class ApplicationController < ActionController::Base
     unless api_request?
       super
       cookies.delete(autologin_cookie_name)
+      self.logged_user = nil
       render_error :status => 422, :message => "Invalid form authenticity token."
     end
   end