From 74526f0f12133048b62157f90b2783ca95ba8c98 Mon Sep 17 00:00:00 2001
From: Bobby McDonald
Date: Thu, 18 Aug 2022 19:40:30 -0400
Subject: [PATCH] Do not use postentially harmful error message in redirect

---
 lib/omniauth/failure_endpoint.rb | 2 +-
 lib/omniauth/version.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/omniauth/failure_endpoint.rb b/lib/omniauth/failure_endpoint.rb
index 7c39a34..3d4e300 100644
--- a/lib/omniauth/failure_endpoint.rb
+++ b/lib/omniauth/failure_endpoint.rb
@@ -27,7 +27,7 @@ module OmniAuth
     def redirect_to_failure
       message_key = env['omniauth.error.type']
-      new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{message_key}#{origin_query_param}#{strategy_name_query_param}"
+      new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{Rack::Utils.escape(message_key)}#{origin_query_param}#{strategy_name_query_param}"
       Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
     end
diff --git a/lib/omniauth/version.rb b/lib/omniauth/version.rb
index ea777f2..0e123f8 100644
--- a/lib/omniauth/version.rb
+++ b/lib/omniauth/version.rb
@@ -1,3 +1,3 @@
 module OmniAuth
-  VERSION = '1.9.1'.freeze
+  VERSION = '1.9.2'.freeze
 end
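Review bot: The escape added on the new `new_path` line covers only `message_key`; the two helpers interpolated right after it, `origin_query_param` and `strategy_name_query_param`, build the remaining query parameters outside this hunk, and the commit does not show whether the env-supplied values they read are escaped the same way. If either interpolates its value raw, the query-injection this commit closes for `message` is still reachable through those parameters, so it is worth confirming in the same change. A why-comment above the line would keep the reasoning the commit message gives, e.g. `# The error type is set by the failing strategy, so escape it before it becomes part of the redirect query string.`. A spec that passes an `omniauth.error.type` containing `&` or `%` and asserts the `Location` header carries a single `message` parameter would pin the fix. `redirect_to_failure` sits inside a class whose header and remaining methods are outside the hunk.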