From ef6998015f9e566d4f6c5c535cb31d167ec8c68a Mon Sep 17 00:00:00 2001 From: Simey Lameze Date: Wed, 2 Sep 2015 11:20:27 +0800 Subject: [PATCH] MDL-50884 auth_shibboleth: fix logout handler url generation This patch fixes the shibboleth redirect url generation, that can create invalid url if the shibboleth logout_handler setting has a parameter generating two parameters with (?) instead of (&). Thanks to Matteo Boni for the proposed solution. --- auth/shibboleth/auth.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/auth/shibboleth/auth.php b/auth/shibboleth/auth.php index ddfe96f6e3c..a4cebd84043 100644 --- a/auth/shibboleth/auth.php +++ b/auth/shibboleth/auth.php @@ -210,7 +210,8 @@ class auth_plugin_shibboleth extends auth_plugin_base { } // Overwrite redirect in order to send user to Shibboleth logout page and let him return back - $redirect = $this->config->logout_handler.'?return='.urlencode($temp_redirect); + $redirecturl = new moodle_url($this->config->logout_handler, array('return' => $temp_redirect)); + $redirect = $redirecturl->out(); } }