From 4920bb9d4d9a13d97c21a621d3659967b57b93f4 2014-04-05 08:19:55 From: Jean-Philippe Lang Date: 2014-04-05 08:19:55 Subject: [PATCH] Potentiel data leak in "Invalid form authenticity token" error screen (#16511). git-svn-id: http://svn.redmine.org/redmine/trunk@13041 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5e5b297..b979044 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -44,6 +44,7 @@ class ApplicationController < ActionController::Base
 unless api_request?
 super
 cookies.delete(autologin_cookie_name)
+ self.logged_user = nil
 render_error :status => 422, :message => "Invalid form authenticity token."
 end
 end
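Review bot: The added `self.logged_user = nil` carries no comment explaining why it is needed on top of `super` and the autologin cookie deletion, and its position before `render_error` matters. Presumably the current user has already been loaded for this request by the time the token check fails, so without the reset the 422 page would be rendered in that user's context. I would add a comment above the line such as `# Render the error page as anonymous: the user loaded earlier in this request must not leak into it`. The patch also ships without a test; a functional test that posts with an invalid token while logged in and asserts the 422 body contains no user-specific content would prevent the line from being reordered or dropped later. The enclosing method starts outside the hunk, so the `api_request?` path could not be reviewed from here.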