This is an automated email from the ASF dual-hosted git repository. mbrohl pushed a commit to branch release18.12 in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release18.12 by this push: new 0316758 Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047) 0316758 is described below commit 03167586f989e32cf3d039b9c85f321b2886d3c5 Author: Ingo Könemann <ingo.koenem...@ecomify.de> AuthorDate: Wed Feb 3 09:19:12 2021 +0100 Fixed: Remove _PREVIOUS_REQUEST_ Session Attribute on non-authentication pages (OFBIZ-12047) Added removal of the _PREVIOUS_REQUEST_ attribute when requesting non-authenticated sites and moved targetRequestUri handling to a accommodate this change --- .../apache/ofbiz/webapp/control/RequestHandler.java | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java index fc246d2..e2cc912 100644 --- a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java +++ b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java @@ -265,13 +265,6 @@ public class RequestHandler { // Grab data from request object to process String defaultRequestUri = RequestHandler.getRequestUri(request.getPathInfo()); - if (request.getAttribute("targetRequestUri") == null) { - if (request.getSession().getAttribute("_PREVIOUS_REQUEST_") != null) { - request.setAttribute("targetRequestUri", request.getSession().getAttribute("_PREVIOUS_REQUEST_")); - } else { - request.setAttribute("targetRequestUri", "/" + defaultRequestUri); - } - } String requestMissingErrorMessage = "Unknown request [" + defaultRequestUri 
@@ -508,6 +501,17 @@ public class RequestHandler {
 requestMap = ccfg.getRequestMapMap().getFirst("ajaxCheckLogin");
 }
 }
+ } else {
+ // Remove previous request attribute on navigation to non-authenticated request
+ request.getSession().removeAttribute("_PREVIOUS_REQUEST_");
+ }
+
+ if (request.getAttribute("targetRequestUri") == null) {
+ if (request.getSession().getAttribute("_PREVIOUS_REQUEST_") != null) {
+ request.setAttribute("targetRequestUri", request.getSession().getAttribute("_PREVIOUS_REQUEST_"));
+ } else {
+ request.setAttribute("targetRequestUri", "/" + defaultRequestUri);
+ }
 }
 // after security check but before running the event, see if a post-login redirect has completed and we have data from the pre-login request form to use now
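Review bot: The new `else` branch clears `_PREVIOUS_REQUEST_` on every request whose map has `securityAuth` false, and that condition may also match the login form submission itself if its request map is declared without auth (the controller configuration is not visible here). If it does, the value saved by the failed check is dropped before the post-login redirect described in the trailing comment can read it, so the change needs a test that a protected URL, then login, then redirect still lands on the original target. Both new session accesses call `request.getSession()`, which creates a session for an anonymous client that had none; `HttpSession s = request.getSession(false); if (s != null) { s.removeAttribute("_PREVIOUS_REQUEST_"); }` would avoid allocating one just to clear an attribute. The enclosing method starts and ends outside the hunk, so any reader of `targetRequestUri` between the old and the new position of the block cannot be checked from here.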