[5.x] Sanitize password reset form redirect value (#14327)

jasonvarga · web-flow · commit 3259d659db75 · 2026-03-23T22:16:56.000-04:00
diff --git a/src/Auth/UserTags.php b/src/Auth/UserTags.php
@@ -444,7 +444,7 @@ public function resetPasswordForm()
         $html .= '<input type="hidden" name="token" value="'.$token.'" />';
 
         if ($redirect) {
-            $html .= '<input type="hidden" name="redirect" value="'.$redirect.'" />';
+            $html .= '<input type="hidden" name="redirect" value="'.e($redirect).'" />';
         }
 
         $html .= $this->parse($data);

Original file line number	Diff line number	Diff line change
`@@ -444,7 +444,7 @@ public function resetPasswordForm()`
`444`	`444`	`$html .= '<input type="hidden" name="token" value="'.$token.'" />';`
`445`	`445`
`446`	`446`	`if ($redirect) {`
`447`		`- $html .= '<input type="hidden" name="redirect" value="'.$redirect.'" />';`
	`447`	`+ $html .= '<input type="hidden" name="redirect" value="'.e($redirect).'" />';`
`448`	`448`	`}`
`449`	`449`
`450`	`450`	`$html .= $this->parse($data);`