login: switch to absolute redirect urls

3 files changed, 11 insertions, 3 deletions

diff --git a/classes/handler/public.php b/classes/handler/public.php
index c3f18d8bb..a8369f440 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -623,7 +623,7 @@ class Handler_Public extends Handler {
 
 		} else {
 
-			$return = urlencode($_SERVER["REQUEST_URI"])
+			$return = urlencode(make_self_url());
 
 			?>
 
@@ -712,7 +712,9 @@ class Handler_Public extends Handler {
 				user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
 			}
 
-			if (clean($_REQUEST['return'])) {
+			$return = clean($_REQUEST['return']);
+
+			if ($_REQUEST['return'] && mb_strpos($return, SELF_URL_PATH) === 0) {
 				header("Location: " . clean($_REQUEST['return']));
 			} else {
 				header("Location: " . get_self_url_prefix());
diff --git a/include/login_form.php b/include/login_form.php
index 069a1fb6b..6c6aaf8cf 100755
--- a/include/login_form.php
+++ b/include/login_form.php
@@ -61,7 +61,7 @@ function bwLimitChange(elem) {
 }
 </script>
 
-<?php $return = urlencode($_SERVER["REQUEST_URI"]) ?>
+<?php $return = urlencode(make_self_url()) ?>
 
 <div class="container">
 
diff --git a/include/sanity_check.php b/include/sanity_check.php
index 3612b4e56..654c83e38 100755
--- a/include/sanity_check.php
+++ b/include/sanity_check.php
@@ -14,6 +14,12 @@
 	 * If you come crying when stuff inevitably breaks, you will be mocked and told
 	 * to get out. */
 
+	function make_self_url() {
+		$proto = is_server_https() ? 'https' : 'http';
+
+		return $proto . '://' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
+	}
+
 	function make_self_url_path() {
 		$proto = is_server_https() ? 'https' : 'http';
 		$url_path = $proto . '://' . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);