Use generateLocation to set the redirection in login (and don't escape the url)

diff --git a/index.php b/index.php
index 850b350e9c5ad1c2dbae08c5573b929aaf22749b..27db10ba147bfbd4f79daa39176a46ff431b974e 100644 (file)
--- a/index.php
+++ b/index.php
@@ -483,7 +483,7 @@ if (isset($_POST['login']))
         if (isset($_POST['returnurl'])) {
             // Prevent loops over login screen.
             if (strpos($_POST['returnurl'], 'do=login') === false) {
-                header('Location: '. escape($_POST['returnurl']));
+                header('Location: '. generateLocation($_POST['returnurl'], $_SERVER['HTTP_HOST']));
                 exit;
             }
         }