diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2014-04-05 08:19:55 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2014-04-05 08:19:55 +0000 |
| commit | 4920bb9d4d9a13d97c21a621d3659967b57b93f4 (patch) | |
| tree | 62600b72d7f41e3bf6eed6b8d7da86fab0c36238 /app/controllers | |
| parent | 380b0515d11a3450c475ce7f2bbed2bd073d0df5 (diff) | |
| download | redmine-4920bb9d4d9a13d97c21a621d3659967b57b93f4.tar.gz redmine-4920bb9d4d9a13d97c21a621d3659967b57b93f4.zip | |
Potentiel data leak in "Invalid form authenticity token" error screen (#16511).
git-svn-id: http://svn.redmine.org/redmine/trunk@13041 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers')
| -rw-r--r-- | app/controllers/application_controller.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 5e5b297c2..b979044f8 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -44,6 +44,7 @@ class ApplicationController < ActionController::Base unless api_request? super cookies.delete(autologin_cookie_name) + self.logged_user = nil render_error :status => 422, :message => "Invalid form authenticity token." end end |