github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-20 10:25:32 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: don't echo the "strategy" param returned by auto provider

Browse Source
This commit is contained in:
Sam 2015-01-06 16:28:29 +11:00
parent f2b0115453
commit e6dba8adc2
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/users/omniauth_callbacks_controller.rb
View File

@ -47,7 +47,7 @@ class Users::OmniauthCallbacksController < ApplicationController
end end
def failure def failure
flash[:error] = I18n.t("login.omniauth_error", strategy: params[:strategy].titleize) flash[:error] = I18n.t("login.omniauth_error")
render layout: 'no_js' render layout: 'no_js'
end end

2
config/locales/server.en.yml
View File

@ -1141,7 +1141,7 @@ en:
errors: "%{errors}" errors: "%{errors}"
not_available: "Not available. Try %{suggestion}?" not_available: "Not available. Try %{suggestion}?"
something_already_taken: "Something went wrong, perhaps the username or email is already registered. Try the forgot password link." something_already_taken: "Something went wrong, perhaps the username or email is already registered. Try the forgot password link."
omniauth_error: "Sorry, there was an error authorizing your %{strategy} account. Perhaps you did not approve authorization?" omniauth_error: "Sorry, there was an error authorizing your account. Perhaps you did not approve authorization?"
omniauth_error_unknown: "Something went wrong processing your log in, please try again." omniauth_error_unknown: "Something went wrong processing your log in, please try again."
new_registrations_disabled: "New account registrations are not allowed at this time." new_registrations_disabled: "New account registrations are not allowed at this time."
password_too_long: "Passwords are limited to 200 characters." password_too_long: "Passwords are limited to 200 characters."