From ab0ccc6731454dfabebf06513a750cc8c188b416 Mon Sep 17 00:00:00 2001
From: Charles Fulton <mackensen@gmail.com>
Date: Wed, 5 Dec 2012 11:18:37 -0800
Subject: [PATCH] MDL-37020 auth_shibboleth: check if target variable is
 actually set

---
 auth/shibboleth/index.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/auth/shibboleth/index.php b/auth/shibboleth/index.php
index 88caf30d583..61f6ba877f8 100644
--- a/auth/shibboleth/index.php
+++ b/auth/shibboleth/index.php
@@ -7,7 +7,10 @@
     $PAGE->set_url('/auth/shibboleth/index.php');
 
     // Support for WAYFless URLs.
-    $SESSION->wantsurl = optional_param('target', $SESSION->wantsurl, PARAM_LOCALURL);
+    $target = optional_param('target', '', PARAM_LOCALURL);
+    if (!empty($target)) {
+        $SESSION->wantsurl = $target;
+    }
 
     if (isloggedin() && !isguestuser()) {      // Nothing to do
         if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {