From e6dba8adc2f445fb5877f1cfe5dfa786151813a3 Mon Sep 17 00:00:00 2001
From: Sam
Date: Tue, 6 Jan 2015 16:28:29 +1100
Subject: [PATCH] SECURITY: don't echo the "strategy" param returned by auto provider

---
 app/controllers/users/omniauth_callbacks_controller.rb | 2 +-
 config/locales/server.en.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
index 12c9e793e89..e710eda62b7 100644
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -47,7 +47,7 @@ class Users::OmniauthCallbacksController < ApplicationController
   end
 
   def failure
-    flash[:error] = I18n.t("login.omniauth_error", strategy: params[:strategy].titleize)
+    flash[:error] = I18n.t("login.omniauth_error")
     render layout: 'no_js'
   end
 
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index e090281e9b7..4336554659c 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -1141,7 +1141,7 @@ en:
     errors: "%{errors}"
     not_available: "Not available. Try %{suggestion}?"
     something_already_taken: "Something went wrong, perhaps the username or email is already registered. Try the forgot password link."
-    omniauth_error: "Sorry, there was an error authorizing your %{strategy} account. Perhaps you did not approve authorization?"
+    omniauth_error: "Sorry, there was an error authorizing your account. Perhaps you did not approve authorization?"
     omniauth_error_unknown: "Something went wrong processing your log in, please try again."
     new_registrations_disabled: "New account registrations are not allowed at this time."
     password_too_long: "Passwords are limited to 200 characters."
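Review bot: The new `failure` body drops `params[:strategy]` entirely, so the reason it must not be rendered is no longer visible in the code and nothing records which provider failed for operators; a short comment plus a server-side log line would keep the fix from being undone by a later "helpful" change. Something like `# params[:strategy] arrives on the query string of this failure redirect and is user-controllable; never interpolate it into a rendered message.` above the flash assignment, and `Rails.logger.warn("omniauth failure: strategy=#{params[:strategy].inspect}")` before it, preserves the diagnostic while keeping the untrusted value out of the page (`inspect` also neutralises newlines in the log). The removal additionally fixes the `NoMethodError` the old `params[:strategy].titleize` raised when the param was absent, which is worth a mention in the commit message. The enclosing `Users::OmniauthCallbacksController` class starts and ends outside the hunk.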