From fd04ce659158a02174454dd2eb950856ee94d759 Mon Sep 17 00:00:00 2001
From: Luka Skukan <luka.skukan@infinum.hr>
Date: Fri, 10 Feb 2017 11:32:45 +0100
Subject: [PATCH] Fix URI encoding and decoding on login redirect

---
 lib/controllers/login.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/controllers/login.js b/lib/controllers/login.js
index 0c932ba8..34b5ff46 100644
--- a/lib/controllers/login.js
+++ b/lib/controllers/login.js
@@ -81,10 +81,10 @@ module.exports = function (req, res, next) {
       },
       'text/html': function () {
         var nextUri = url.parse(req.query.next || '').path;
-        var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + nextUri) : ''));
+        var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + encodeURIComponent(nextUri)) : ''));
 
         if (req.user && config.web.login.enabled) {
-          var nextUrl = nextUri || config.web.login.nextUri;
+          var nextUrl = nextUri || decodeURIComponent(config.web.login.nextUri);
           return res.redirect(302, nextUrl);
         }