You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think we're seeing this issue with responses returning the encoded data.
For example the response we get back is encoded like & which has potential to break systems that rely on GET parameters.
Looks like htmlentities() function here. That's wrong. The getReturnUrl() function should return a simple URL string, not encoded for any particular use.
Until this is fixed, you can reverse it using html_entity_decode() (but maybe check for the presence of & entites first.
Changes from the closed PR #38 also appear in the merged PR #33.
The text was updated successfully, but these errors were encountered: