Issue #97: Fix for open redirect in logout function (#99)

* Fix for open redirect in logout function

* modified to PARAM_LOCALURL

Author: Cyber-Wo0dy

auth.php

@@ -642,7 +642,7 @@ public function logoutpage_hook() {
     public function user_logout_userkey() {
         global $CFG, $USER;
 
-        $redirect = required_param('return', PARAM_URL);
+        $redirect = required_param('return', PARAM_LOCALURL);
 
         // We redirect when user's session in Moodle already has expired
         // or the user is still logged in using "userkey" auth type.