FriendsOfSymfony / oauth2-php

A server implementation of OAuth 2.0
MIT License

Redirect url sanitization strips umlauts (öäü) #95

Open healerz opened 7 years ago

healerz commented 7 years ago

The PHP function filter_var_array() with the flag FILTER_SANITIZE_URL strips umlauts from the input string. But umlauts are actually valid URL characters. I suggest using the htmlspecialchars() function instead to sanitize the redirect URL. Or nothing at all; the requested redirect URI gets checked against the redirect URL of the registered client anyway.
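The behaviour reported above, as an added example that is not part of the issue or of the project's code: it shows FILTER_SANITIZE_URL silently rewriting a redirect URI that contains umlauts, next to a validate-and-reject check that leaves the input untouched. The host `müller.example`, the helper name `isRegisteredRedirectUri()` and the exact-match policy are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample values, not taken from the project or the issue.
$registered = ['https://müller.example/rückruf'];
$requested  = 'https://müller.example/rückruf';

// FILTER_SANITIZE_URL keeps only ASCII letters, digits and a fixed set of
// punctuation. The UTF-8 bytes of "ü" fall outside that set and are dropped,
// so the result is a different URI (different host and path) from the input.
$sanitized = filter_var($requested, FILTER_SANITIZE_URL);

echo "requested: {$requested}\n";
echo "sanitized: {$sanitized}\n";
echo 'sanitized still matches registration: ';
var_dump(in_array($sanitized, $registered, true));

/**
 * Hypothetical helper: validate instead of sanitize.
 * The requested URI is never modified; it is either accepted because it is
 * byte-for-byte equal to a registered URI, or rejected.
 */
function isRegisteredRedirectUri(string $requested, array $registered): bool
{
    // Reject control characters (CR/LF included) before the value can
    // reach a Location header.
    if (preg_match('/[\x00-\x1F\x7F]/', $requested) === 1) {
        return false;
    }

    // Strict comparison: no type juggling, no partial or prefix match.
    return in_array($requested, $registered, true);
}

echo 'exact match on the raw value: ';
var_dump(isRegisteredRedirectUri($requested, $registered));

// A value that differs from the registration is rejected, not repaired.
echo 'look-alike host accepted: ';
var_dump(isRegisteredRedirectUri('https://mller.example/rckruf', $registered));
```

Because the sanitizer changes the host name itself, comparing or redirecting to the sanitized value means acting on a URI the client never sent; rejecting on mismatch avoids that.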