From 749957c3b45069c619a6ddcd4b5d862cb601c828 Mon Sep 17 00:00:00 2001
From: Eric Lippmann <eric.lippmann@netways.de>
Date: Thu, 12 Mar 2015 00:57:03 +0100
Subject: [PATCH] Fix too greedy __SELF__ login redirect on XHR

I introduced this bug some commits earlier. We only must redirect to __SELF__ on XHR
if a redirect URL was set.

refs #8626
---
 library/Icinga/Web/Controller/ActionController.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/library/Icinga/Web/Controller/ActionController.php b/library/Icinga/Web/Controller/ActionController.php
index f0db0164f..2917d3115 100644
--- a/library/Icinga/Web/Controller/ActionController.php
+++ b/library/Icinga/Web/Controller/ActionController.php
@@ -295,9 +295,9 @@ class ActionController extends Zend_Controller_Action
     /**
      * Redirect to login
      *
-     * XHR will always redirect to __SELF__. __SELF__ instructs JavaScript to redirect to the current window's URL
-     * if it's an auto-refresh request or to redirect to the URL which required login if it's not an auto-refreshing
-     * one.
+     * XHR will always redirect to __SELF__ if an URL to redirect to after successful login is set. __SELF__ instructs
+     * JavaScript to redirect to the current window's URL if it's an auto-refresh request or to redirect to the URL
+     * which required login if it's not an auto-refreshing one.
      *
      * XHR will respond with HTTP status code 403 Forbidden.
      *
@@ -307,7 +307,9 @@ class ActionController extends Zend_Controller_Action
     {
         $login = Url::fromPath('authentication/login');
         if ($this->isXhr()) {
-            $login->setParam('redirect', '__SELF__');
+            if ($redirect !== null) {
+                $login->setParam('redirect', '__SELF__');
+            }
             $this->_response->setHttpResponseCode(403);
         } elseif ($redirect !== null) {
             if (! $redirect instanceof Url) {