From 0f4ebc7b4e45ce71cb8361bf76572714cf9bc764 Mon Sep 17 00:00:00 2001
From: Kotlyar Maksim <kotlyar.maksim@gmail.com>
Date: Thu, 10 Apr 2014 13:47:06 +0000
Subject: [PATCH] [security] GenericTokenFactory did not handle afterPath
 correctly, when it is url.

---
 Security/AbstractGenericTokenFactory.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/Security/AbstractGenericTokenFactory.php b/Security/AbstractGenericTokenFactory.php
index cbcab78..ae0e206 100644
--- a/Security/AbstractGenericTokenFactory.php
+++ b/Security/AbstractGenericTokenFactory.php
@@ -66,7 +66,15 @@ public function createToken($paymentName, $model, $targetPath, array $targetPara
             $token->setTargetUrl($this->generateUrl($targetPath, $targetParameters));
         }
 
-        if ($afterPath) {
+        if ($afterPath && 0 === strpos($afterPath, 'http')) {
+            if (false !== strpos($afterPath, '?')) {
+                $afterPath .= '&'.http_build_query($afterParameters);
+            } else {
+                $afterPath .= '?'.http_build_query($afterParameters);
+            }
+
+            $token->setAfterUrl($afterPath);
+        } elseif ($afterPath) {
             $token->setAfterUrl($this->generateUrl($afterPath, $afterParameters));
         }