Add no_redirect GET param support to avoid sending useless params on logout - refs BT#9701

11 years ago · 6ea7de0054
parent 2d368bf75f
commit 6ea7de0054
1 changed files with 13 additions and 6 deletions
--- a/main/auth/sso/sso.Drupal.class.php
+++ b/main/auth/sso/sso.Drupal.class.php
@ -52,7 +52,11 @@ class ssoDrupal
     */
    public function logout()
    {
-        header('Location: '.$this->deauth_url);
+        if (empty($_GET['no_redirect'])) {
+            header('Location: '.$this->deauth_url);
+        } else {
+            header('Location: '.$this->protocol.$this->domain);
+        }
        exit;
    }

@ -64,11 +68,14 @@ class ssoDrupal
        // Generate a single usage token that must be encoded by the master
        $_SESSION['sso_challenge'] = api_generate_password(48);
        // Redirect browser to the master URL
-        $params = 'sso_referer='.urlencode($this->referer).'&sso_target='.urlencode($this->target).'&sso_challenge='.urlencode($_SESSION['sso_challenge']);
-        if (strpos($this->master_url, "?") === false) {
-            $params = "?{$params}";
-        } else {
-            $params = "&{$params}";
+        $params = '';
+        if (empty($_GET['no_redirect'])) {
+            $params = 'sso_referer='.urlencode($this->referer).'&sso_target='.urlencode($this->target).'&sso_challenge='.urlencode($_SESSION['sso_challenge']);
+            if (strpos($this->master_url, "?") === false) {
+                $params = "?{$params}";
+            } else {
+                $params = "&{$params}";
+            }
        }
        header('Location: '.$this->master_url.$params);
        exit;