From e8cc4f1e257ba8ed3f6895d0b57d032e53d6542d Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Wed, 10 Jun 2009 15:46:05 +0000
Subject: Modified logonredirect to discard get/post data when don't follow
 login redirect.

---
 app/acf-util/logon-controller.lua | 8 ++++++++
 app/acf-util/logon-model.lua      | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/acf-util/logon-controller.lua b/app/acf-util/logon-controller.lua
index c8cd82a..d71d257 100644
--- a/app/acf-util/logon-controller.lua
+++ b/app/acf-util/logon-controller.lua
@@ -22,6 +22,7 @@ logon = function(self)
 	local redir = cfe({ value=clientdata.redir or "/welcome/read", label="" })
 	local cmdresult = cfe({ type="form", value={userid=userid, password=password, redir=redir}, label="Logon", option="Logon" })
 	if clientdata.Logon then
+		local logonredirect = self.sessiondata.logonredirect
 		local logon = self.model:logon(clientdata.userid, clientdata.password, conf.clientip, conf.sessiondir, sessiondata)
 		-- If successful logon, redirect to welcome-page, otherwise try again
 		if logon.value then
@@ -31,6 +32,13 @@ logon = function(self)
 		end
 		cmdresult = self:redirect_to_referrer(cmdresult)
 		if logon.value then
+			-- only copy the logonredirect if redirecting to that page
+			if logonredirect and cmdresult.value.redir.value then
+				local prefix, controller, action = self.parse_path_info("/"..cmdresult.value.redir.value)
+				if logonredirect.action == action and logonredirect.controller == controller then
+					self.sessiondata.logonredirect = logonredirect
+				end
+			end
 			redirect(self, cmdresult.value.redir.value)
 		end
 	else
diff --git a/app/acf-util/logon-model.lua b/app/acf-util/logon-model.lua
index 34aa46e..c110ee6 100644
--- a/app/acf-util/logon-model.lua
+++ b/app/acf-util/logon-model.lua
@@ -39,7 +39,7 @@ logon = function (self, userid, password, ip_addr, sessiondir, sessiondata)
 			session.unlink_session(sessiondir, sessiondata.id)
 			-- Clear the current session data
 			for a,b in pairs(sessiondata) do
-				if a ~= "id" and a ~= "logonredirect" then sessiondata[a] = nil end
+				if a ~= "id" then sessiondata[a] = nil end
 			end
 			--]]
 			sessiondata.id = session.random_hash(512)
-- 
cgit v1.2.3