URLEncode logout attribute

Otherwise logout can fail if the requesttoken contains a +

2 files changed, 2 insertions, 3 deletions

diff --git a/lib/private/security/securerandom.php b/lib/private/security/securerandom.php
index 2402e863fb0..b1169bff289 100644
--- a/lib/private/security/securerandom.php
+++ b/lib/private/security/securerandom.php
@@ -64,8 +64,7 @@ class SecureRandom implements ISecureRandom {
 	 * Generate a random string of specified length.
 	 * @param string $length The length of the generated string
 	 * @param string $characters An optional list of characters to use if no characterlist is
-	 * 							specified 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./
-	 * 							is used.
+	 * 							specified all valid base64 characters are used.
 	 * @return string
 	 * @throws \Exception If the generator is not initialized.
 	 */
diff --git a/lib/private/user.php b/lib/private/user.php
index d1fedffcaaf..10457c224f2 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -366,7 +366,7 @@ class OC_User {
 			return $backend->getLogoutAttribute();
 		}
 
-		return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . OC_Util::callRegister() . '"';
+		return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . urlencode(OC_Util::callRegister()) . '"';
 	}
 
 	/**