Index: cas.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/cas/cas.module,v
retrieving revision 1.42
diff -u -r1.42 cas.module
--- cas.module	24 Jun 2008 18:46:11 -0000	1.42
+++ cas.module	25 Jun 2008 05:36:43 -0000
@@ -655,10 +655,28 @@
   }
   // Add logout
   $logout_destination .= '/'. trim($uri,'/') .'/logout';
-  // If admin has set and enabled a logout destination, add it
-  if (variable_get('cas_logout_redirect', 0) && variable_get('cas_logout_destination', '')) {
-    $logout_destination .= '?service='. variable_get('cas_logout_destination', '');
+  
+  // Add destination override so that a destination can be specified on the logout link
+  // e.g. caslogout?destination=http://foo.bar.com/foobar
+  // do not accept caslogout as a valid destination, since that may cause a redirect loop
+  $destination = preg_replace("/(destination=|caslogout)/", "", drupal_get_destination());
+
+  // If there was no override and admin has set and enabled a logout destination, look for it
+  if (empty($destination) && variable_get('cas_logout_redirect', 0)) {
+    $destination = variable_get('cas_logout_destination', '');
+    // redirection is enabled but no url is given - default to baseurl
+    if (empty($destination)) {
+      $destination = $base_url;
+    }
   }
+
+  // Add the log out destination if we have one
+  // The three variables are a hack because cas server implementations don't seem to be consistent with
+  // its use. 
+  if ($destination) {
+    $logout_destination .= '?destination='. $destination .'&service='.$destination .'&url='.$destination;
+  }
+  
   // Go to the constructed logout destination
   drupal_goto($logout_destination);
 }

