More targeted parameter stripping.

- Resolves VUFIND-1020.

More targeted parameter stripping.
- Resolves VUFIND-1020.
e94ea80c · Demian Katz · d7e4dad7 · e94ea80c
Commit e94ea80c authored 10 years ago by Demian Katz
--- a/module/VuFind/src/VuFind/Controller/MyResearchController.php
+++ b/module/VuFind/src/VuFind/Controller/MyResearchController.php
@@ -248,8 +248,14 @@ class MyResearchController extends AbstractBase
                $logoutTarget = $this->getServerUrl('home');
            }

-            // clear querystring parameters
-            $logoutTarget = preg_replace('/\?.*/', '', $logoutTarget);
+            // If there is an auth_method parameter in the query, we should strip
+            // it out. Otherwise, the user may get stuck in an infinite loop of
+            // logging out and getting logged back in when using environment-based
+            // authentication methods like Shibboleth.
+            $logoutTarget = preg_replace(
+                '/([?&])auth_method=[^&]*&?/', '$1', $logoutTarget
+            );
+            $logoutTarget = rtrim($logoutTarget, '?');
        }

        return $this->redirect()