URL encode logout url in session management JS; thanks Paolo Battino

bump to 2.4.1rc5 Signed-off-by: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
OpenIDC · Jan 22, 2020 · d361569 · d361569
1 parent 5aa7381
commit d361569
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 2 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -58,3 +58,4 @@ reporting bugs, providing fixes, suggesting useful features or other:
 	Aimoto Norihito <https://github.com/oss-aimoto>
 	Andy Lindeman <https://github.com/alindeman>
 	Stefan Wachter <https://github.com/swachter>
+	Paolo Battino
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,7 @@
+01/22/2020
+- URL encode logout url in session management JS; thanks Paolo Battino
+- bump to 2.4.1rc5
+
 01/15/2020
 - add value of OIDC_SET_COOKIE_APPEND env var to Set-Cookie headers
   useful for handling changing/upcoming SameSite behaviors across different browsers, e.g.:

diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.4.1rc4],[hans.zandbelt@zmartzone.eu])
+AC_INIT([mod_auth_openidc],[2.4.1rc5],[hans.zandbelt@zmartzone.eu])
 
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
 

diff --git a/src/mod_auth_openidc.c b/src/mod_auth_openidc.c
@@ -3254,7 +3254,7 @@ static int oidc_handle_session_management_iframe_rp(request_rec *r, oidc_cfg *c,
 			"            }\n"
 			"		   } else {\n"
 			"              // either 'changed' + active session, or 'error': enforce a logout\n"
-			"              window.top.location.replace('%s?logout=' + window.top.location.href);\n"
+			"              window.top.location.replace('%s?logout=' + encodeURIComponent(window.top.location.href));\n"
 			"          }\n"
 			"        }\n"
 			"      }\n"