Support URIs with query-string in AbstractOauth2Action::getAuthorizeUrl()

diff --git a/wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php b/wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php
index 427e39b0d49e99a8cdb8a97cda2b3e29fe8fd48a..64baf775b53bb059a3acd638a94d983fbd465364 100644 (file)
--- a/wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php
+++ b/wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php
@@ -4,6 +4,7 @@ namespace wcf\action;
 
 use GuzzleHttp\ClientInterface;
 use GuzzleHttp\Psr7\Request;
+use Laminas\Diactoros\Uri;
 use ParagonIE\ConstantTime\Base64UrlSafe;
 use ParagonIE\ConstantTime\Hex;
 use Psr\Http\Client\ClientExceptionInterface;
@@ -225,7 +226,14 @@ abstract class AbstractOauth2Action extends AbstractAction
             $parameters['code_challenge_method'] = 'S256';
         }
 
-        $url = $this->getAuthorizeUrl() . '?' . \http_build_query($parameters, '', '&');
+        $encodedParameters = \http_build_query($parameters, '', '&');
+
+        $url = new Uri($this->getAuthorizeUrl());
+        if (($query = $url->getQuery())) {
+            $url = $url->withQuery("{$query}&{$encodedParameters}");
+        } else {
+            $url = $url->withQuery($encodedParameters);
+        }
 
         HeaderUtil::redirect($url);