From ad790484a5f9d27527a788f10a7b2b76917296b2 Mon Sep 17 00:00:00 2001
From: dgrh99 <daniel.gerhardt@mni.thm.de>
Date: Thu, 24 Jan 2013 11:44:16 +0100
Subject: [PATCH] Allow the referer to be set by request parameter since we
 cannot rely on the header being present (e.g. with IE).

---
 .../de/thm/arsnova/controller/LoginController.java     | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/main/java/de/thm/arsnova/controller/LoginController.java b/src/main/java/de/thm/arsnova/controller/LoginController.java
index 9bbe78307..15e93523e 100644
--- a/src/main/java/de/thm/arsnova/controller/LoginController.java
+++ b/src/main/java/de/thm/arsnova/controller/LoginController.java
@@ -42,6 +42,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.token.Sha512DigestUtils;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.util.UrlUtils;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -83,6 +84,13 @@ public class LoginController extends AbstractController {
 			final HttpServletResponse response
 	) throws IOException, ServletException {
 		String referer = request.getHeader("referer");
+		if (referer == null) {
+			/* Use a url from a request parameter as referer as long as the url is not absolute (to prevent
+			 * abuse of the redirection). */
+			if (null == (referer = request.getParameter("referer")) && UrlUtils.isAbsoluteUrl(referer)) {
+				referer = "/";
+			}
+		}
 		request.getSession().setAttribute("ars-referer", referer);
 		if ("cas".equals(type)) {
 			casEntryPoint.commence(request, response, null);
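Review bot: The guard on the added `if (null == (referer = request.getParameter("referer")) && UrlUtils.isAbsoluteUrl(referer))` line never validates a supplied parameter: with `&&` the absolute-URL check only runs when the parameter is null (so it is called with null), and a non-null value, absolute or not, is stored in the session and later used for the redirect unchecked, which defeats the abuse protection the comment describes. The intent needs `||`, i.e. `referer = request.getParameter("referer"); if (referer == null || UrlUtils.isAbsoluteUrl(referer)) { referer = "/"; }`. This matters for the third hunk as well, which drops the `referer != null ? referer : "/"` fallback in the `RedirectView` and so relies on this block guaranteeing a non-null value; as written a missing parameter would redirect to `null#auth/checkLogin`. Note also that `UrlUtils.isAbsoluteUrl` only recognises values with a scheme, so a scheme-relative value (`//host/...`) would still pass and redirect off-site; a `startsWith("/") && !startsWith("//")` check is a stricter alternative, and the Referer-header path above remains unvalidated (pre-existing). The enclosing method begins before this hunk and continues past it.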
@@ -111,7 +119,7 @@ public class LoginController extends AbstractController {
 			SecurityContextHolder.getContext().setAuthentication(token);
 			request.getSession(true).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 					SecurityContextHolder.getContext());
-			return new RedirectView((referer != null ? referer : "/") + "#auth/checkLogin");
+			return new RedirectView(referer + "#auth/checkLogin");
 		}
 		return null;
 	}
-- 
GitLab