From 305d13e5c4aef424e36b640a1e1dd0d65f8698c7 Mon Sep 17 00:00:00 2001
From: Nazar Gargol
Date: Mon, 29 Oct 2018 10:19:45 +0100
Subject: [PATCH] Fixed sanitization issue in subscribers no issue - Added sanitization to subscribed_url & subscribed_referrer fields when rendering error state Credits: Antony Garand
---
 core/server/apps/subscribers/lib/router.js | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/core/server/apps/subscribers/lib/router.js b/core/server/apps/subscribers/lib/router.js
index 8be329cc19..a68cf7e1d2 100644
--- a/core/server/apps/subscribers/lib/router.js
+++ b/core/server/apps/subscribers/lib/router.js
@@ -35,6 +35,8 @@ function _renderer(req, res) {
 */
 function errorHandler(error, req, res, next) {
 req.body.email = '';
+ req.body.subscribed_url = santizeUrl(req.body.subscribed_url);
+ req.body.subscribed_referrer = santizeUrl(req.body.subscribed_referrer);
 if (error.statusCode !== 404) {
 res.locals.error = error;
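Review bot: The two added lines in errorHandler are only as safe as `santizeUrl`, which is defined outside this hunk (the diffstat shows just these two insertions), so its strictness cannot be checked from here. Confirm that it limits accepted values to http/https URLs rather than only checking URL syntax, and that the error-state template writes both fields with output escaping, since a syntactically valid URL is not automatically safe in every rendering context. A comment above the lines would record why they exist, e.g. `// these body fields are rendered back in the error state; sanitize them again before rendering`. The commit also adds no regression test; one that submits a non-URL value for each field and asserts the error page renders it empty would pin the fix. errorHandler's body continues past the end of the hunk.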