MDL-37020 auth_shibboleth: check if target variable is actually set

Mrmoodle · Dec 5, 2012 · ab0ccc6 · ab0ccc6
1 parent 0395306
commit ab0ccc6
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/auth/shibboleth/index.php b/auth/shibboleth/index.php
@@ -7,7 +7,10 @@
     $PAGE->set_url('/auth/shibboleth/index.php');
 
     // Support for WAYFless URLs.
-    $SESSION->wantsurl = optional_param('target', $SESSION->wantsurl, PARAM_LOCALURL);
+    $target = optional_param('target', '', PARAM_LOCALURL);
+    if (!empty($target)) {
+        $SESSION->wantsurl = $target;
+    }
 
     if (isloggedin() && !isguestuser()) {      // Nothing to do
         if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {