From 032a2e018f8f239b88799948f3119a929d222f60 Mon Sep 17 00:00:00 2001
From: Thomas BELOT <thomas.belot@worldline.com>
Date: Fri, 19 Jun 2015 17:19:42 +0200
Subject: [PATCH] copy bugfix from Jasig/phpCAS#17

---
 CASAuth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CASAuth.php b/CASAuth.php
index 1f2f91f..c5d274e 100644
--- a/CASAuth.php
+++ b/CASAuth.php
@@ -233,7 +233,7 @@ function casPostAuth($ticket2logout) {
 
         // create a new session where we'll store the old session data
         session_name("casauthssoutticket");
-        session_id(preg_replace('/[^\w]/','',$ticket2logout));
+        session_id(preg_replace('/[^a-zA-Z0-9\-]/','',$ticket2logout));
         session_start();
 
         $_SESSION["old_session_name"] = $old_session_name;
@@ -257,7 +257,7 @@ function casSingleSignOut($ticket2logout) {
 
         require_once($CASAuth["phpCAS"]."/CAS.php");
 
-        $session_id = preg_replace('/[^\w]/','',$ticket2logout);
+        $session_id = preg_replace('/[^a-zA-Z0-9\-]/','',$ticket2logout);
 
         // destroy a possible application session created before phpcas
         if(session_id() !== ""){