From e8cc4f1e257ba8ed3f6895d0b57d032e53d6542d Mon Sep 17 00:00:00 2001
From: Ted Trask <ttrask01@yahoo.com>
Date: Wed, 10 Jun 2009 15:46:05 +0000
Subject: Modified logonredirect to discard get/post data when don't follow
 login redirect.

---
 app/acf-util/logon-controller.lua | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'app/acf-util/logon-controller.lua')

diff --git a/app/acf-util/logon-controller.lua b/app/acf-util/logon-controller.lua
index c8cd82a..d71d257 100644
--- a/app/acf-util/logon-controller.lua
+++ b/app/acf-util/logon-controller.lua
@@ -22,6 +22,7 @@ logon = function(self)
 	local redir = cfe({ value=clientdata.redir or "/welcome/read", label="" })
 	local cmdresult = cfe({ type="form", value={userid=userid, password=password, redir=redir}, label="Logon", option="Logon" })
 	if clientdata.Logon then
+		local logonredirect = self.sessiondata.logonredirect
 		local logon = self.model:logon(clientdata.userid, clientdata.password, conf.clientip, conf.sessiondir, sessiondata)
 		-- If successful logon, redirect to welcome-page, otherwise try again
 		if logon.value then
@@ -31,6 +32,13 @@ logon = function(self)
 		end
 		cmdresult = self:redirect_to_referrer(cmdresult)
 		if logon.value then
+			-- only copy the logonredirect if redirecting to that page
+			if logonredirect and cmdresult.value.redir.value then
+				local prefix, controller, action = self.parse_path_info("/"..cmdresult.value.redir.value)
+				if logonredirect.action == action and logonredirect.controller == controller then
+					self.sessiondata.logonredirect = logonredirect
+				end
+			end
 			redirect(self, cmdresult.value.redir.value)
 		end
 	else
-- 
cgit v1.2.3