URLEncode logout attribute

Otherwise logout can fail if the requesttoken contains a +
This commit is contained in:
Lukas Reschke 2015-02-13 11:35:12 +01:00
parent dfcd4acd5a
commit 025110821f
3 changed files with 5 additions and 5 deletions

View file

@ -64,8 +64,7 @@ class SecureRandom implements ISecureRandom {
* Generate a random string of specified length.
* @param string $length The length of the generated string
* @param string $characters An optional list of characters to use if no characterlist is
* specified 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./
* is used.
* specified all valid base64 characters are used.
* @return string
* @throws \Exception If the generator is not initialized.
*/

View file

@ -366,7 +366,7 @@ class OC_User {
return $backend->getLogoutAttribute();
}
return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . OC_Util::callRegister() . '"';
return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . urlencode(OC_Util::callRegister()) . '"';
}
/**

View file

@ -53,9 +53,10 @@ interface ISecureRandom {
/**
* Generate a random string of specified length.
* @param string $length The length of the generated string
* @param string $characters An optional list of characters to use
* @param string $characters An optional list of characters to use if no characterlist is
* specified all valid base64 characters are used.
* @return string
* @throws \Exception
* @throws \Exception If the generator is not initialized.
*/
public function generate($length, $characters = '');
}