From cd7159628a511a540d7f13f65158402b59bedb11 Mon Sep 17 00:00:00 2001
From: David Silva <148460873+Cyber-Wo0dy@users.noreply.github.com>
Date: Sat, 11 Nov 2023 07:25:34 -0300
Subject: [PATCH] Issue #97: Fix for open redirect in logout function (#99)
* Fix for open redirect in logout function
* modified to PARAM_LOCALURL
---
 auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/auth.php b/auth.php
index 0f29683..69943d4 100644
--- a/auth.php
+++ b/auth.php
@@ -642,7 +642,7 @@ public function logoutpage_hook() {
 public function user_logout_userkey() {
 global $CFG, $USER;
- $redirect = required_param('return', PARAM_URL);
+ $redirect = required_param('return', PARAM_LOCALURL);
 // We redirect when user's session in Moodle already has expired
 // or the user is still logged in using "userkey" auth type.
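Review bot: An off-site `return` value is not rejected by the new line but cleaned to an empty string, because `PARAM_LOCALURL` blanks anything that is not relative or under `$CFG->wwwroot`, and `required_param()` only fails when the parameter is absent. The code that consumes `$redirect` lies below the hunk, so how an empty target is handled cannot be seen from here; if it is passed on unchanged, add an explicit fallback right after the assignment, e.g. `if ($redirect === '') { $redirect = $CFG->wwwroot; }`. The diffstat touches only auth.php, so a test that calls `user_logout_userkey()` with an external `return` URL and asserts the redirect stays on-site would pin the fix against regression. The body of `user_logout_userkey()` continues outside the hunk.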