From 025110821f41ba55ec9deb2479ff7eb6b3e8b5c1 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Fri, 13 Feb 2015 11:35:12 +0100
Subject: [PATCH] URLEncode logout attribute

Otherwise logout can fail if the requesttoken contains a +
---
 lib/private/security/securerandom.php | 3 +--
 lib/private/user.php                  | 2 +-
 lib/public/security/isecurerandom.php | 5 +++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/private/security/securerandom.php b/lib/private/security/securerandom.php
index 2402e863fb..b1169bff28 100644
--- a/lib/private/security/securerandom.php
+++ b/lib/private/security/securerandom.php
@@ -64,8 +64,7 @@ class SecureRandom implements ISecureRandom {
 	 * Generate a random string of specified length.
 	 * @param string $length The length of the generated string
 	 * @param string $characters An optional list of characters to use if no characterlist is
-	 * 							specified 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./
-	 * 							is used.
+	 * 							specified all valid base64 characters are used.
 	 * @return string
 	 * @throws \Exception If the generator is not initialized.
 	 */
diff --git a/lib/private/user.php b/lib/private/user.php
index d1fedffcaa..10457c224f 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -366,7 +366,7 @@ class OC_User {
 			return $backend->getLogoutAttribute();
 		}
 
-		return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . OC_Util::callRegister() . '"';
+		return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . urlencode(OC_Util::callRegister()) . '"';
 	}
 
 	/**
diff --git a/lib/public/security/isecurerandom.php b/lib/public/security/isecurerandom.php
index 3de60f8d71..b4c488b7f3 100644
--- a/lib/public/security/isecurerandom.php
+++ b/lib/public/security/isecurerandom.php
@@ -53,9 +53,10 @@ interface ISecureRandom {
 	/**
 	 * Generate a random string of specified length.
 	 * @param string $length The length of the generated string
-	 * @param string $characters An optional list of characters to use
+	 * @param string $characters An optional list of characters to use if no characterlist is
+	 * 							specified all valid base64 characters are used.
 	 * @return string
-	 * @throws \Exception
+	 * @throws \Exception If the generator is not initialized.
 	 */
 	public function generate($length, $characters = '');
 }