The php function filter_var_array() with flag FILTER_SANITIZE_URL strips umlauts from the input string. But umlauts actually are valid url characters.
I suggest to use htmlspecialchars() function instead to sanitize the redirect url.
Or nothing at all, the requested redirect uri gets checked against the redirect url of the registered client anyway.
The php function filter_var_array() with flag FILTER_SANITIZE_URL strips umlauts from the input string. But umlauts actually are valid url characters. I suggest to use htmlspecialchars() function instead to sanitize the redirect url. Or nothing at all, the requested redirect uri gets checked against the redirect url of the registered client anyway.