From 217c722a63418156a34c975430e1bfbbb17eb92c Mon Sep 17 00:00:00 2001
From: maliming
Date: Fri, 4 Apr 2025 10:16:36 +0800
Subject: [PATCH] Encode RedirectUri in AuthorizeController.
---
 .../Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs
index 0a859a5484..5c2f6ef996 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/AuthorizeController.cs
@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
@@ -85,7 +86,7 @@ public class AuthorizeController : AbpOpenIdDictControllerBase
 TempData["IgnoreSelectAccount"] = true;
 var selectAccountPath = HttpContext.RequestServices.GetRequiredService>().Value.SelectAccountPage.RemovePostFix("/");
- return Redirect(Url.Content($"{selectAccountPath}?RedirectUri={Request.PathBase + Request.Path + QueryString.Create(Request.HasFormContentType ? Request.Form : Request.Query)}"));
+ return Redirect(Url.Content($"{selectAccountPath}?RedirectUri={UrlEncoder.Default.Encode(Request.PathBase + Request.Path + QueryString.Create(Request.HasFormContentType ? Request.Form : Request.Query))}"));
 }
 // Retrieve the profile of the logged in user.
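Review bot: On the new `return Redirect(...)` line in the second hunk, `RedirectUri` is still built from `Request.Form` when the authorize request arrived as a form POST, so every posted parameter is copied into a GET URL that can end up in access logs, browser history and Referer headers. If hints such as `id_token_hint` or `login_hint` can be posted, that exposure is worth avoiding, for example by keeping the original request server-side next to the existing `TempData["IgnoreSelectAccount"]` flag. The layered escaping itself looks correct (`QueryString.Create` escapes each pair, `UrlEncoder.Default.Encode` escapes the nested URL as a whole), but the commit touches one file and adds no test with `&` or a second `RedirectUri=` in the original query to pin it. A short comment would help the next reader, e.g. `// RedirectUri is nested inside another query string, so the whole relative URL is encoded once more.` The page behind `selectAccountPath` is outside this hunk, as is the rest of the action; it should presumably still check the decoded value with `Url.IsLocalUrl` before redirecting, since anyone can supply that parameter.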