From b815965d3b6fcc4141451e23af081677ddea894a Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Mon, 6 Jun 2016 11:50:45 +0200
Subject: [PATCH] Fix another issue with URLs not being validated before
 displaying them into a page. Reported by John Page (hyp3rlinx).

---
 www/logout.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/www/logout.php b/www/logout.php
index 220449af3..b87ca89b7 100644
--- a/www/logout.php
+++ b/www/logout.php
@@ -5,8 +5,7 @@ require_once('_include.php');
 $config = SimpleSAML_Configuration::getInstance();
 
 if (array_key_exists('link_href', $_REQUEST)) {
-    $link = (string) $_REQUEST['link_href'];
-    $link = \SimpleSAML\Utils\HTTP::normalizeURL($link);
+    $link = \SimpleSAML\Utils\HTTP::checkURLAllowed($_REQUEST['link_href']);
 } else {
     $link = 'index.php';
 }
-- 
GitLab