From 59a2b3a653f28856d78d506ddeb7c15603c9d57c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Sat, 24 Jun 2017 11:18:00 +0200
Subject: [PATCH] utils: make sure user_nameid/user_email cannot be forged (#17173)
---
 combo/utils.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/combo/utils.py b/combo/utils.py
index 6524550..a633660 100644
--- a/combo/utils.py
+++ b/combo/utils.py
@@ -180,6 +180,8 @@ def get_templated_url(url, context=None):
 if context:
 template_vars.update(context)
 user = getattr(context.get('request'), 'user', None)
+ template_vars['user_email'] = ''
+ template_vars['user_nameid'] = ''
 if user and user.is_authenticated():
 template_vars['user_email'] = quote(user.email)
 if hasattr(user, 'saml_identifiers') and user.saml_identifiers.exists():
-- 
2.13.1
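Review bot: The two added resets, `template_vars['user_email'] = ''` and `template_vars['user_nameid'] = ''`, carry no comment saying they exist to discard identity values that `template_vars.update(context)` may have copied in just above, so a later cleanup could remove them as redundant initialisation. I would put `# context is caller-supplied: clear identity variables before setting them from request.user` above them. The diffstat shows only combo/utils.py changed, so a regression test that passes `user_email`/`user_nameid` in the context with an anonymous request and expects empty substitutions would pin the fix. Only these two keys are cleared; the body of get_templated_url continues outside this hunk, and if it derives other variables from the user they would presumably need the same reset.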