* Fix for open redirect in logout function * modified to PARAM_LOCALURL
This commit is contained in:
David Silva
GitHub
parent
c370cb1bee
commit
cd7159628a
1 changed files with 1 additions and 1 deletions
2
auth.php
2
auth.php
|
|
@ -642,7 +642,7 @@ class auth_plugin_userkey extends auth_plugin_base {
|
|||
public function user_logout_userkey() {
|
||||
global $CFG, $USER;
|
||||
|
||||
$redirect = required_param('return', PARAM_URL);
|
||||
$redirect = required_param('return', PARAM_LOCALURL);
|
||||
|
||||
// We redirect when user's session in Moodle already has expired
|
||||
// or the user is still logged in using "userkey" auth type.
|
||||
|
|
|
|||
Loading…
Reference in a new issue