From 45842d9b0e9d0fe6c93398a747f416df8a7f7470 Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Mon, 5 Dec 2016 14:34:11 +0100
Subject: [PATCH] OO-2402. don't try to launch a resource if there is nothing
 to launch, hardened the authentication dispatcher to accept manipulated urls
 and redirect them to the current page

---
 src/main/java/org/olat/NewControllerFactory.java              | 3 +++
 .../java/org/olat/dispatcher/AuthenticatedDispatcher.java     | 4 +---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/olat/NewControllerFactory.java b/src/main/java/org/olat/NewControllerFactory.java
index 60d5ebb7532..8c3e9be0022 100644
--- a/src/main/java/org/olat/NewControllerFactory.java
+++ b/src/main/java/org/olat/NewControllerFactory.java
@@ -166,6 +166,9 @@ public class NewControllerFactory {
 	public boolean launch(UserRequest ureq, WindowControl wControl) {
 		BusinessControl bc = wControl.getBusinessControl();
 		ContextEntry mainCe = bc.popLauncherContextEntry();
+		if(mainCe == null) {
+			return false;//nothing to launch
+		}
 		OLATResourceable ores = mainCe.getOLATResourceable();
 
 		// Check for RepositoryEntry resource
diff --git a/src/main/java/org/olat/dispatcher/AuthenticatedDispatcher.java b/src/main/java/org/olat/dispatcher/AuthenticatedDispatcher.java
index 31ef3691517..1eb19866837 100644
--- a/src/main/java/org/olat/dispatcher/AuthenticatedDispatcher.java
+++ b/src/main/java/org/olat/dispatcher/AuthenticatedDispatcher.java
@@ -113,8 +113,6 @@ public class AuthenticatedDispatcher implements Dispatcher {
 			if(log.isDebug()){
 				log.debug("Bad Request "+request.getPathInfo());
 			}
-			DispatcherModule.sendBadRequest(request.getPathInfo(), response);
-			return;
 		}
 		
 		boolean auth = usess.isAuthenticated();
@@ -193,7 +191,7 @@ public class AuthenticatedDispatcher implements Dispatcher {
 			} else {
 				businessPath = extractBusinessPath(ureq, request, uriPrefix);
 				if(businessPath == null) {
-					log.error("Invalid URI in AuthenticatedDispatcher: " + request.getRequestURI());
+					processBusinessPath("", ureq, usess);
 				} else {
 					processBusinessPath(businessPath, ureq, usess);
 				}
-- 
GitLab