Issue #97: Fix for open redirect in logout function (#99)

* Fix for open redirect in logout function

* modified to PARAM_LOCALURL
This commit is contained in:
David Silva 2023-11-11 07:25:34 -03:00 committed by GitHub
parent c370cb1bee
commit cd7159628a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -642,7 +642,7 @@ class auth_plugin_userkey extends auth_plugin_base {
public function user_logout_userkey() { public function user_logout_userkey() {
global $CFG, $USER; global $CFG, $USER;
$redirect = required_param('return', PARAM_URL); $redirect = required_param('return', PARAM_LOCALURL);
// We redirect when user's session in Moodle already has expired // We redirect when user's session in Moodle already has expired
// or the user is still logged in using "userkey" auth type. // or the user is still logged in using "userkey" auth type.