lib/omniauth/failure_endpoint.rb in omniauth-1.9.1 vs lib/omniauth/failure_endpoint.rb in omniauth-1.9.2
- old
+ new
@@ -25,10 +25,10 @@
raise(env['omniauth.error'] || OmniAuth::Error.new(env['omniauth.error.type']))
end
def redirect_to_failure
message_key = env['omniauth.error.type']
- new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{message_key}#{origin_query_param}#{strategy_name_query_param}"
+ new_path = "#{env['SCRIPT_NAME']}#{OmniAuth.config.path_prefix}/failure?message=#{Rack::Utils.escape(message_key)}#{origin_query_param}#{strategy_name_query_param}"
Rack::Response.new(['302 Moved'], 302, 'Location' => new_path).finish
end
def strategy_name_query_param
return '' unless env['omniauth.error.strategy']
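Review bot: Only `message_key` is escaped in `redirect_to_failure`; `env['SCRIPT_NAME']`, `origin_query_param` and `strategy_name_query_param` are still interpolated into the `Location` value as they are. The bodies of the two helpers lie outside this hunk (`strategy_name_query_param` is cut off after its guard line), so it is worth confirming that each one passes its value through `Rack::Utils.escape` too, so that the whole query string is encoded consistently. A short comment above the assignment would record why the escape is there, e.g. `# error type comes from the request env; escape it before it reaches the Location header`. A regression spec asserting that a message containing `&` or a line break arrives percent-encoded in the redirect would keep the escape from being dropped later.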