From 308b9ddd4066dfa066118b4c0841d7220e78bb42 Mon Sep 17 00:00:00 2001
From: Nazar Gargol
Date: Mon, 29 Oct 2018 10:19:45 +0100
Subject: [PATCH] Fixed sanitization issue in subscribers no issue - Added sanitization to subscribed_url & subscribed_referrer fields when rendering error state Credits: Antony Garand
---
 core/server/apps/subscribers/lib/router.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/core/server/apps/subscribers/lib/router.js b/core/server/apps/subscribers/lib/router.js
index ca49b45ff8..5499d10bc1 100644
--- a/core/server/apps/subscribers/lib/router.js
+++ b/core/server/apps/subscribers/lib/router.js
@@ -32,6 +32,8 @@ function _renderer(req, res) {
 */
 function errorHandler(error, req, res, next) {
 req.body.email = '';
+ req.body.subscribed_url = santizeUrl(req.body.subscribed_url);
+ req.body.subscribed_referrer = santizeUrl(req.body.subscribed_referrer);
 if (error.statusCode !== 404) {
 res.locals.error = error;
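Review bot: The two lines added to `errorHandler` depend entirely on `santizeUrl`, which is defined outside this hunk, so the patch does not show what it rejects; confirm that it restricts the value to an expected URL form (scheme included) and that the error-state template still escapes both fields on output. The fix is also per-field and limited to the error path, so any other `req.body` value the template echoes, or the same two fields rendered from another handler, would stay uncovered; whether such a path exists cannot be told from the lines shown. The diffstat lists only router.js, so a regression test that submits a non-URL `subscribed_url` and asserts it does not appear in the rendered error form would pin the behaviour. A short comment above the additions, such as `// these fields are echoed back into the error-state form, so sanitize them before rendering`, would record why they are there. `errorHandler`'s body continues past the end of the hunk.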