mirror of https://github.com/omniauth/omniauth.git synced 2022-11-09 12:31:49 -05:00

Do not use potentially harmful error message in redirect

Bobby McDonald 2022-08-18 19:40:30 -04:00
parent fce9e23dd4
commit 74526f0f12
No known key found for this signature in database
GPG key ID: CAD931A49619329A
2 changed files with 2 additions and 2 deletions


@ -27,7 +27,7 @@ module OmniAuth
def redirect_to_failure def redirect_to_failure
message_key = env['omniauth.error.type'] message_key = env['omniauth.error.type']
new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{message_key}#{origin_query_param}#{strategy_name_query_param}" new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{Rack::Utils.escape(message_key)}#{origin_query_param}#{strategy_name_query_param}"
Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
end end
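Review bot: The escaping added in `redirect_to_failure` covers only `message_key`, while `origin_query_param` and `strategy_name_query_param` are interpolated into the same `Location` value and are defined outside this hunk, so it should be confirmed that they encode their inputs the same way. The page lists two changed files and the other is the version constant, so the fix seems to ship without a spec. A regression test asserting that a message containing `&`, `=` or CR/LF arrives percent-encoded in the header would pin the behaviour. A short comment above the changed line, such as `# error type may not be a fixed symbol; escape it before it reaches the Location header`, would record why the call is there.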


@ -1,3 +1,3 @@
module OmniAuth module OmniAuth
VERSION = '1.9.1'.freeze VERSION = '1.9.2'.freeze
end end