From 6ffbd987a6cbce9934f7c5c62cb9c00f7746f902 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Thu, 1 Sep 2022 10:02:58 +0200
Subject: [PATCH] Support URIs with query-string in
 AbstractOauth2Action::getAuthorizeUrl()

---
 .../files/lib/action/AbstractOauth2Action.class.php    | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php b/wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php
index 427e39b0d4..64baf775b5 100644
--- a/wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php
+++ b/wcfsetup/install/files/lib/action/AbstractOauth2Action.class.php
@@ -4,6 +4,7 @@ namespace wcf\action;
 
 use GuzzleHttp\ClientInterface;
 use GuzzleHttp\Psr7\Request;
+use Laminas\Diactoros\Uri;
 use ParagonIE\ConstantTime\Base64UrlSafe;
 use ParagonIE\ConstantTime\Hex;
 use Psr\Http\Client\ClientExceptionInterface;
@@ -225,7 +226,14 @@ abstract class AbstractOauth2Action extends AbstractAction
             $parameters['code_challenge_method'] = 'S256';
         }
 
-        $url = $this->getAuthorizeUrl() . '?' . \http_build_query($parameters, '', '&');
+        $encodedParameters = \http_build_query($parameters, '', '&');
+
+        $url = new Uri($this->getAuthorizeUrl());
+        if (($query = $url->getQuery())) {
+            $url = $url->withQuery("{$query}&{$encodedParameters}");
+        } else {
+            $url = $url->withQuery($encodedParameters);
+        }
 
         HeaderUtil::redirect($url);
 
-- 
2.20.1