Fixed sanitization issue in subscribers

no issue - Added sanitization to subscribed_url & subscribed_referrer fields when rendering error state Credits: Antony Garand
2025-01-20 22:42:53 -05:00 · 2018-10-29 10:19:45 +01:00 · 2018-10-29 10:19:45 +01:00 · 305d13e5c4
commit 305d13e5c4
parent eb22429338
1 changed files with 2 additions and 0 deletions
--- a/core/server/apps/subscribers/lib/router.js
+++ b/core/server/apps/subscribers/lib/router.js
@ -35,6 +35,8 @@ function _renderer(req, res) {
 */
 function errorHandler(error, req, res, next) {
    req.body.email = '';
+    req.body.subscribed_url = santizeUrl(req.body.subscribed_url);
+    req.body.subscribed_referrer = santizeUrl(req.body.subscribed_referrer);

    if (error.statusCode !== 404) {
        res.locals.error = error;