Use generateLocation to set the redirection in login (and don't escape the url)

2016-03-21 19:06:46 +01:00 · 2016-03-21 19:06:46 +01:00 · e15f08d72a
parent 890afc32f7
commit e15f08d72a
1 changed files with 1 additions and 1 deletions
--- a/index.php
+++ b/index.php
@ -483,7 +483,7 @@ if (isset($_POST['login']))
        if (isset($_POST['returnurl'])) {
            // Prevent loops over login screen.
            if (strpos($_POST['returnurl'], 'do=login') === false) {
-                header('Location: '. escape($_POST['returnurl']));
+                header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST']));
                exit;
            }
        }