authorRussellAult <RussellAult@users.noreply.github.com>2019-11-10 15:49:57 -0700
committerRoeland Jago Douma <roeland@famdouma.nl>2019-11-13 14:05:03 +0100
commit19791b2460bf7cdf17437d9ebab4d83b60270a3f (patch)
treea57d66b1926a3787e107ae7397294951492a7c5d /core/Controller
parentd9204f61ead5f5c95cbef21a5d6fc40ac2d1861a (diff)
Check getRedirectUri() for queries
Resolves Issue #17885 Check getRedirectUri() for queries, and add a '&' instead of a '?' to $redirectUri if it already has them; otherwise, $redirectUri might end up with two '?'. Signed-off-by: RussellAult <russellault@users.noreply.github.com>
Diffstat (limited to 'core/Controller')
-rw-r--r--core/Controller/ClientFlowLoginController.php14
1 files changed, 11 insertions, 3 deletions
diff --git a/core/Controller/ClientFlowLoginController.php b/core/Controller/ClientFlowLoginController.php
index bffedf19224..ba594469a7f 100644
--- a/core/Controller/ClientFlowLoginController.php
+++ b/core/Controller/ClientFlowLoginController.php
@@ -6,6 +6,7 @@
* @author Lukas Reschke <lukas@statuscode.ch>
* @author Morris Jobke <hey@morrisjobke.de>
* @author Roeland Jago Douma <roeland@famdouma.nl>
+ * @author Russell Ault <russell@auksnest.ca>
*
* @license GNU AGPL version 3 or any later version
*
@@ -337,9 +338,16 @@ class ClientFlowLoginController extends Controller {
$accessToken->setTokenId($generatedToken->getId());
$this->accessTokenMapper->insert($accessToken);
- $redirectUri = sprintf(
- '%s?state=%s&code=%s',
- $client->getRedirectUri(),
+ $redirectUri = $client->getRedirectUri();
+
+ if (parse_url($redirectUri, PHP_URL_QUERY)) {
+ $redirectUri .= '&';
+ } else {
+ $redirectUri .= '?';
+ }
+
+ $redirectUri .= sprintf(
+ 'state=%s&code=%s',
urlencode($this->session->get('oauth.state')),
urlencode($code)
);
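Review bot: The truthiness test `if (parse_url($redirectUri, PHP_URL_QUERY))` misclassifies a registered URI whose query string is falsy in PHP, for example `https://client.example/cb?0` (constructed sample) or an empty query where `parse_url` reports it as `''`. The `else` branch then appends a second `?`, and the client may not find `state` and `code` where it expects them. Testing the type instead avoids this: `if (is_string(parse_url($redirectUri, PHP_URL_QUERY))) {`, which also sends the `false` that `parse_url` returns for a malformed URL down the `?` branch explicitly. Separately, if a stored redirect URI carried a `#fragment`, the appended parameters would end up inside the fragment rather than the query; whether client registration rejects fragments is not visible here and is worth confirming. The enclosing method starts and ends outside this hunk.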