Potential data leak in "Invalid form authenticity token" error screen (#16511).

git-svn-id: http://svn.redmine.org/redmine/trunk@13041 e93f8b46-1217-0410-a6f0-8f06a7374b81
Jean-Philippe Lang 2014-04-05 08:19:55 +00:00
parent 380b0515d1
commit 4920bb9d4d
1 changed files with 1 additions and 0 deletions


@ -44,6 +44,7 @@ class ApplicationController < ActionController::Base
unless api_request?
super
cookies.delete(autologin_cookie_name)
self.logged_user = nil
render_error :status => 422, :message => "Invalid form authenticity token."
end
end
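Review bot: Nothing in this block records that `render_error` has to come after `self.logged_user = nil`, and that ordering looks like the whole fix: if the 422 page were rendered while the previous user is still set, its layout could be built with that user's context (the +/- markers are lost on this page, so which line is new is inferred from the commit title). I would add a comment above the assignment, e.g. `# Reset the current user before rendering so the error page is built as anonymous`. The commit changes one file only, so no test pins this; a functional test that submits a form with an invalid token while logged in and asserts the 422 body shows no logged-in user content would guard against regression. The `unless api_request?` guard skips `super` and everything after it, so it is worth confirming that a request carrying a browser session cookie cannot also satisfy `api_request?`. The method's `def` line is above the hunk.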