This is an automated email from the ASF dual-hosted git repository.

mbrohl pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new ffcd8f3  Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on 
non-authentication pages (OFBIZ-12047)
ffcd8f3 is described below

commit ffcd8f34fc39db979e4ba6ec455b4dc165276632
Author: Ingo Könemann <ingo.koenem...@ecomify.de>
AuthorDate: Wed Feb 3 09:19:12 2021 +0100

    Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication
    pages (OFBIZ-12047)
    
    Added removal of the _PREVIOUS_REQUEST_ attribute when requesting
    non-authenticated sites and moved targetRequestUri handling to
    accommodate this change
---
 .../apache/ofbiz/webapp/control/RequestHandler.java    | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index 3bf5632..6b2c08a 100644
--- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
@@ -383,13 +383,6 @@ public final class RequestHandler {
 
         // Grab data from request object to process
         String defaultRequestUri = RequestHandler.getRequestUri(request.getPathInfo());
-        if (request.getAttribute("targetRequestUri") == null) {
-            if (request.getSession().getAttribute("_PREVIOUS_REQUEST_") != null) {
-                request.setAttribute("targetRequestUri", request.getSession().getAttribute("_PREVIOUS_REQUEST_"));
-            } else {
-                request.setAttribute("targetRequestUri", "/" + defaultRequestUri);
-            }
-        }
 
         String requestMissingErrorMessage = "Unknown request ["
                 + defaultRequestUri
@@ -636,6 +629,17 @@ public final class RequestHandler {
                     requestMap = ccfg.getRequestMapMap().get("ajaxCheckLogin");
                 }
             }
+        } else {
+            // Remove previous request attribute on navigation to non-authenticated request
+            request.getSession().removeAttribute("_PREVIOUS_REQUEST_");
+        }
+
+        if (request.getAttribute("targetRequestUri") == null) {
+            if (request.getSession().getAttribute("_PREVIOUS_REQUEST_") != null) {
+                request.setAttribute("targetRequestUri", request.getSession().getAttribute("_PREVIOUS_REQUEST_"));
+            } else {
+                request.setAttribute("targetRequestUri", "/" + defaultRequestUri);
+            }
         }
 
         // after security check but before running the event, see if a post-login redirect has completed and we have data from the pre-login
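Review bot: The new `else` branch calls `request.getSession()`, which creates a session when the client has none, so each anonymous hit on a request that does not require authentication can allocate a session only to remove an attribute from it. Unless a session is already guaranteed earlier in the method (not visible in this hunk), `HttpSession s = request.getSession(false); if (s != null) { s.removeAttribute("_PREVIOUS_REQUEST_"); }` avoids that. The `if` this `else` pairs with starts outside the hunk, so it is worth confirming that the branch is not reached by the login form submission or by background requests issued while the login page is shown, since either would discard the saved post-login target before it is used. A short comment on the relocated `targetRequestUri` block, such as `// must run after the _PREVIOUS_REQUEST_ cleanup above so a stale target is never copied into the request`, would record why it was moved.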
