Fix #2288 allow redirect after logout, only if the target URL is internal

modules/member/member.controller.php

@@ -134,12 +134,21 @@ class MemberController extends Member
 		// If a device key is present, unregister it.
 		Rhymix\Modules\Member\Controllers\Device::getInstance()->autoUnregisterDevice($logged_info->member_srl);
 
+		// Set redirect URL.
 		$output = new BaseObject();
+		$redirect_url = Context::get('redirect_url');
+		if ($redirect_url && Rhymix\Framework\URL::isInternalURL($redirect_url))
+		{
+			$output->redirect_url = $redirect_url;
+		}
+		else
+		{
 			$config = ModuleModel::getModuleConfig('member');
 			if($config->after_logout_url)
 			{
 				$output->redirect_url = $config->after_logout_url;
 			}
+		}
 		return $output;
 	}
 

modules/member/member.view.php

@@ -897,12 +897,19 @@ class MemberView extends Member
 		// Redirect if not logged in.
 		if(!Context::get('is_logged'))
 		{
-			$this->setRedirectUrl(getNotEncodedUrl('act', ''));
+			$this->setRedirectUrl(getNotEncodedUrl('act', '', 'redirect_url', ''));
 			return;
 		}
 
 		$output = MemberController::getInstance()->procMemberLogout();
-		$this->setRedirectUrl(isset($output->redirect_url) ? $output->redirect_url : getNotEncodedUrl('act', ''));
+		if (!empty($output->redirect_url))
+		{
+			$this->setRedirectUrl($output->redirect_url);
+		}
+		else
+		{
+			$this->setRedirectUrl(getNotEncodedUrl('act', '', 'redirect_url', ''));
+		}
 	}
 
 	/**