Fix reflected XSS
Andy Beverley committed Feb 9, 2021
1 parent aa30055 commit 7a1f90b
Showing 1 changed file with 5 additions and 2 deletions.
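--- a/lib/Lenio.pm
+++ b/lib/Lenio.pm
@@ -646,6 +646,9 @@ any ['get', 'post'] => '/ticket/:id?' => require_login sub {
 }
 elsif (defined($id) && !body_parameters->get('submit'))
 {
+my $site_id = query_parameters->get('site_id')
+? int(query_parameters->get('site_id'))
+: session('site_id');
 # If applicable, Prefill ticket fields with initial values based on task
 if ($task)
 {
@@ -660,13 +663,13 @@ any ['get', 'post'] => '/ticket/:id?' => require_login sub {
 planned => $date,
 actionee => $task->global ? 'external' : 'local',
 task_id => $task->id,
-site_id => query_parameters->get('site_id') || session('site_id'),
+site_id => $site_id,
 });
 }
 }
 else {
 $ticket = rset('Ticket')->new({
-site_id => query_parameters->get('site_id') || session('site_id'),
+site_id => $site_id,
 });
 }
 }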
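Review bot: The new `my $site_id = ...` assignment in the first hunk uses `int()` as the sanitiser, which coerces rather than validates: a truthy non-numeric `site_id` becomes 0 (with a numeric warning under `use warnings`) instead of falling back to `session('site_id')`, and values such as `-1` or `1e3` are accepted as numbers. An anchored check would reject those outright, e.g. `my ($site_id) = (query_parameters->get('site_id') // '') =~ /\A([0-9]+)\z/;` followed by `$site_id ||= session('site_id');`. The place where `site_id` is written back into the page is not visible in this diff, so it is worth confirming that the template HTML-escapes it, since input coercion only covers this one parameter on this one branch. Whether the logged-in user is allowed to use the requested site is also not shown here and is presumably checked elsewhere in the route handler, which starts and ends outside both hunks.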
