Fix Cross Site Scripting in user/_signin

author: Gareth Rees <gareth@mysociety.org> 2014-10-01 17:13:59 +0100
committer: Louise Crow <louise.crow@gmail.com> 2014-12-18 15:16:38 +0000
commit: a9308e8c9d44cf7ff0f659bccc6b1235a8a81ee2 (patch)
tree: 8066503eab424745182003f9366904f5cf107721
parent: 90a69bd6277152be141dd43577bb516e023c98d6 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/user/_signin.html.erb b/app/views/user/_signin.html.erb
index afc55d249..396caf184 100644
--- a/app/views/user/_signin.html.erb
+++ b/app/views/user/_signin.html.erb
@@ -18,7 +18,7 @@
     </p>
 
     <p class="form_note">
-    <%= link_to _('Forgotten your password?'), signchangepassword_path + "?pretoken=" + h(params[:token]), :tabindex => 30 %>
+    <%= link_to _('Forgotten your password?'), signchangepassword_path(:pretoken => h(params[:token])), :tabindex => 30 %>
     </p>
 
     <p class="form_checkbox">
author	Gareth Rees <gareth@mysociety.org>	2014-10-01 17:13:59 +0100
committer	Louise Crow <louise.crow@gmail.com>	2014-12-18 15:16:38 +0000
commit	a9308e8c9d44cf7ff0f659bccc6b1235a8a81ee2 (patch)
tree	8066503eab424745182003f9366904f5cf107721
parent	90a69bd6277152be141dd43577bb516e023c98d6 (diff)