Allow the referer being set by request parameter since we cannot rely on

the header being present (e.g. with IE).

src/main/java/de/thm/arsnova/controller/LoginController.java

@@ -42,6 +42,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.token.Sha512DigestUtils;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.security.web.util.UrlUtils;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -83,6 +84,13 @@ public class LoginController extends AbstractController {
 			final HttpServletResponse response
 	) throws IOException, ServletException {
 		String referer = request.getHeader("referer");
+		if (referer == null) {
+			/* Use a url from a request parameter as referer as long as the url is not absolute (to prevent
+			 * abuse of the redirection). */
+			if (null == (referer = request.getParameter("referer")) && UrlUtils.isAbsoluteUrl(referer)) {
+				referer = "/";
+			}
+		}
 		request.getSession().setAttribute("ars-referer", referer);
 		if ("cas".equals(type)) {
 			casEntryPoint.commence(request, response, null);
@@ -111,7 +119,7 @@ public class LoginController extends AbstractController {
 			SecurityContextHolder.getContext().setAuthentication(token);
 			request.getSession(true).setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
 					SecurityContextHolder.getContext());
-			return new RedirectView((referer != null ? referer : "/") + "#auth/checkLogin");
+			return new RedirectView(referer + "#auth/checkLogin");
 		}
 		return null;
 	}