From d7387979151b0c960eb60f0c4c2a5ff0e06c2f5d Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Wed, 13 Apr 2016 14:39:29 +0200
Subject: [PATCH] OO-1958: save setting if "start page" is clicked too

---
 .../controllers/resume/ResumeController.java      |  3 ++-
 .../olat/basesecurity/SecurityManagerTest.java    | 15 ++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/olat/core/commons/controllers/resume/ResumeController.java b/src/main/java/org/olat/core/commons/controllers/resume/ResumeController.java
index fba11b4e914..9f699ac9151 100644
--- a/src/main/java/org/olat/core/commons/controllers/resume/ResumeController.java
+++ b/src/main/java/org/olat/core/commons/controllers/resume/ResumeController.java
@@ -99,7 +99,8 @@ public class ResumeController extends FormBasicController {
 		if(source.equals(noButton)){
 			savePreferences(ureq, "none");			
 			fireEvent (ureq, new Event("no"));
-		} else if(source.equals(landingButton)){		
+		} else if(source.equals(landingButton)){
+			savePreferences(ureq, "none");		
 			fireEvent (ureq, new Event("landing"));
 		}
 	}
diff --git a/src/test/java/org/olat/basesecurity/SecurityManagerTest.java b/src/test/java/org/olat/basesecurity/SecurityManagerTest.java
index e73fcd94063..dab0261c318 100644
--- a/src/test/java/org/olat/basesecurity/SecurityManagerTest.java
+++ b/src/test/java/org/olat/basesecurity/SecurityManagerTest.java
@@ -36,6 +36,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -197,10 +198,22 @@ public class SecurityManagerTest extends OlatTestCase {
 		assertEquals(testLogin,authentication.getAuthusername());
 	}
 
-	@Test public void testFindAuthenticationByAuthusername() {
+	@Test
+	public void testFindAuthenticationByAuthusername() {
 		Authentication authentication = securityManager.findAuthenticationByAuthusername(testLogin, BaseSecurityModule.getDefaultAuthProviderIdentifier());
 		assertEquals(testLogin,authentication.getAuthusername());
 	}
+	
+	@Test
+	public void testFindAuthenticationByAuthusername_attack() {
+		String testLoginHacked = "*est-logi*";
+		Authentication authentication1 = securityManager.findAuthenticationByAuthusername(testLoginHacked, BaseSecurityModule.getDefaultAuthProviderIdentifier());
+		Assert.assertNull(authentication1);
+		
+		String testLoginHacked2 = "$est-login";
+		Authentication authentication2 = securityManager.findAuthenticationByAuthusername(testLoginHacked2, BaseSecurityModule.getDefaultAuthProviderIdentifier());
+		Assert.assertNull(authentication2);	
+	}
 
 	@Test @Ignore
 	public void testCountUniqueUserLoginsSince(){
-- 
GitLab