MDL-50884 auth_shibboleth: fix logout handler url generation
authorSimey Lameze <simey@moodle.com>
Wed, 2 Sep 2015 03:20:27 +0000 (11:20 +0800)
committerSimey Lameze <simey@moodle.com>
Mon, 14 Sep 2015 01:48:55 +0000 (09:48 +0800)
This patch fixes the shibboleth redirect url generation, that can create invalid url
if the shibboleth logout_handler setting has a parameter generating two parameters
with (?) instead of (&).

Thanks to Matteo Boni for the proposed solution.

auth/shibboleth/auth.php

index ddfe96f..a4cebd8 100644 (file)
@@ -210,7 +210,8 @@ class auth_plugin_shibboleth extends auth_plugin_base {
             }
 
             // Overwrite redirect in order to send user to Shibboleth logout page and let him return back
-            $redirect = $this->config->logout_handler.'?return='.urlencode($temp_redirect);
+            $redirecturl = new moodle_url($this->config->logout_handler, array('return' => $temp_redirect));
+            $redirect = $redirecturl->out();
         }
     }