Issue #97: Fix for open redirect in logout function (#99)

* Fix for open redirect in logout function * modified to PARAM_LOCALURL
catalyst · Nov 11, 2023 · cd71596 · cd71596
1 parent c370cb1
commit cd71596
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/auth.php b/auth.php
@@ -642,7 +642,7 @@ public function logoutpage_hook() {
     public function user_logout_userkey() {
         global $CFG, $USER;
 
-        $redirect = required_param('return', PARAM_URL);
+        $redirect = required_param('return', PARAM_LOCALURL);
 
         // We redirect when user's session in Moodle already has expired
         // or the user is still logged in using "userkey" auth type.