From 8b593a7e972830031092aa977efb5b22d698bad3 Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Thu, 7 Jan 2016 12:00:21 +0100
Subject: [PATCH] OO-1828: remove all redirections in the case of an assessment
in assessment mode
---
.../fullWebApp/BaseFullWebappController.java | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/src/main/java/org/olat/core/commons/fullWebApp/BaseFullWebappController.java b/src/main/java/org/olat/core/commons/fullWebApp/BaseFullWebappController.java
index 60ea9a344d0..af2a26fdf30 100644
--- a/src/main/java/org/olat/core/commons/fullWebApp/BaseFullWebappController.java
+++ b/src/main/java/org/olat/core/commons/fullWebApp/BaseFullWebappController.java
@@ -237,6 +237,8 @@ public class BaseFullWebappController extends BasicController implements DTabs,
listenTo(assessmentGuardCtrl);
assessmentGuardCtrl.getInitialComponent();
lockStatus = LockStatus.popup;
+ //as security remove all
+ removeRedirects(usess);
} else {
// present an overlay with configured afterlogin-controllers or nothing if none configured.
// presented only once per session.
@@ -278,6 +280,20 @@ public class BaseFullWebappController extends BasicController implements DTabs,
GlobalStickyMessage.registerForGlobalStickyMessage(this, getIdentity());
}
+ /**
+ * Remove all possible redirect commands in session.
+ *
+ * @param usess
+ */
+ private void removeRedirects(UserSession usess) {
+ usess.removeEntry("AuthDispatcher:entryUrl");
+ usess.removeEntry("AuthDispatcher:businessPath");
+ usess.removeEntry("redirect-bc");
+ usess.removeEntryFromNonClearedStore("AuthDispatcher:entryUrl");
+ usess.removeEntryFromNonClearedStore("AuthDispatcher:businessPath");
+ usess.removeEntryFromNonClearedStore("redirect-bc");
+ }
+
private void initializeBase(UserRequest ureq, WindowManager winman, ComponentCollection mainPanel) {
// component-id of mainPanel for the window id
mainVc.contextPut("o_winid", mainPanel.getDispatchID());
--
GitLab