Merge pull request #4782 from laboro/bug/CRM-3609_1.6

CRM-3609: Open Redirect Security Issue.
oroinc · Jul 7, 2015 · e944817 · e944817
2 parents 07c1dbb + ad50f19
commit e944817
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/src/Oro/Bundle/UserBundle/Resources/public/js/init-signin.js b/src/Oro/Bundle/UserBundle/Resources/public/js/init-signin.js
@@ -1,5 +1,8 @@
 /* jshint browser:true */
 /* global require */
+/**
+ * @deprecated since 1.8 because of vulnerability for "phishing" attack
+ */
 require(['jquery'],
 function($) {
     'use strict';
@@ -21,4 +24,4 @@ function($) {
             $('input[name="_target_path"]').val(hashUrl);
         }
     });
-});
+});
diff --git a/src/Oro/Bundle/UserBundle/Resources/views/layout.html.twig b/src/Oro/Bundle/UserBundle/Resources/views/layout.html.twig
@@ -13,7 +13,7 @@
 
     {% include 'OroRequireJSBundle::scripts.html.twig' with {compressed: not app.debug} %}
     <script type="text/javascript">
-        require(['jquery', 'oroui/js/init-layout', 'orouser/js/init-signin'],
+        require(['jquery', 'oroui/js/init-layout'],
         function($) {
             $(function() {
                 // emulates 'document ready state' for selenium tests