From 31446d38122dfd90e9391acb0a8be4053f6ad3b7 Mon Sep 17 00:00:00 2001
From: dgrh99 <daniel.gerhardt@mni.thm.de>
Date: Thu, 24 Jan 2013 13:06:28 +0100
Subject: [PATCH] Use @RequestParam-Annotation for referer parameter.

---
 src/main/java/de/thm/arsnova/controller/LoginController.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/java/de/thm/arsnova/controller/LoginController.java b/src/main/java/de/thm/arsnova/controller/LoginController.java
index 15e93523..0e11272f 100644
--- a/src/main/java/de/thm/arsnova/controller/LoginController.java
+++ b/src/main/java/de/thm/arsnova/controller/LoginController.java
@@ -80,6 +80,7 @@ public class LoginController extends AbstractController {
 	public final View doLogin(
 			@RequestParam("type") final String type,
 			@RequestParam(value = "user", required = false) final String guestName,
+			@RequestParam(value = "referer", required = false) final String forcedReferer,
 			final HttpServletRequest request,
 			final HttpServletResponse response
 	) throws IOException, ServletException {
@@ -87,7 +88,7 @@ public class LoginController extends AbstractController {
 		if (referer == null) {
 			/* Use a url from a request parameter as referer as long as the url is not absolute (to prevent
 			 * abuse of the redirection). */
-			if (null == (referer = request.getParameter("referer")) && UrlUtils.isAbsoluteUrl(referer)) {
+			if (null == (referer = forcedReferer) && UrlUtils.isAbsoluteUrl(referer)) {
 				referer = "/";
 			}
 		}
-- 
GitLab