* auth_internal OTP form: fix double-urlencode

 * post-login redirect: handle ?return in a less idiotic fashion

1 files changed, 2 insertions, 2 deletions

diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php
index f113cd31e..697d0d0d2 100644
--- a/plugins/auth_internal/init.php
+++ b/plugins/auth_internal/init.php
@@ -36,7 +36,7 @@ class Auth_Internal extends Auth_Base {
 						return false;
 
 				} else {
-					$return = urlencode($_REQUEST["return"]);
+					$return = urlencode(with_trailing_slash($_REQUEST["return"]));
 					?>
 					<!DOCTYPE html>
 					<html>
@@ -81,7 +81,7 @@ class Auth_Internal extends Auth_Base {
 							<body class="flat ttrss_utility otp css_loading">
 								<h1><?= __("Authentication") ?></h1>
 								<div class="content">
-									<form dojoType="dijit.form.Form" action="public.php?return=<?= urlencode(with_trailing_slash($return)) ?>" method="post" class="otpform">
+									<form dojoType="dijit.form.Form" action="public.php?return=<?= $return ?>" method="post" class="otpform">
 
 										<?php foreach (["login", "password", "bw_limit", "safe_mode", "remember_me", "profile"] as $key) {
 											print \Controls\hidden_tag($key, $_POST[$key] ?? "");