From 4df0efa250a070c584b8a93353cb106a63a0f9e2 Mon Sep 17 00:00:00 2001
From: Anurag Ramdasan
Date: Wed, 11 Jun 2014 19:04:16 +0000
Subject: [PATCH] decode uri component before redirect for safe redirect
---
 lms/templates/login.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lms/templates/login.html b/lms/templates/login.html
index 5d79076227..db46d5e9c3 100644
--- a/lms/templates/login.html
+++ b/lms/templates/login.html
@@ -51,7 +51,7 @@
 $('#login-form').on('ajax:success', function(event, json, xhr) {
 if(json.success) {
 var u=decodeURI(window.location.search);
- next=u.split("next=")[1];
+ next=decodeURIComponent(u.split("next=")[1]);
 if (next && !isExternal(next)) {
 location.href=next;
 } else if(json.redirect_url){
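Review bot: When the query string has no `next=` parameter, `u.split("next=")[1]` is `undefined` and `decodeURIComponent(undefined)` returns the truthy string `"undefined"`, so the `if (next && !isExternal(next))` guard on the following line no longer falls through to `json.redirect_url` as the old code did (assuming `isExternal`, defined outside the hunk, treats a bare relative path as internal). Decode only when the parameter is present, for example `var raw=u.split("next=")[1];` followed by `next=raw ? decodeURIComponent(raw) : null;`. The value has also already passed through `decodeURI` on the line above, so it is decoded twice, and a lone `%` left by the first pass makes `decodeURIComponent` throw a URIError inside the success handler; decoding once inside a try/catch would keep a malformed link from stalling login. Because this is the redirect-safety path, a short comment stating that `isExternal` must be run on exactly the string assigned to `location.href` would help; whether it rejects scheme-relative and non-http(s) values cannot be confirmed from this hunk. The handler's body starts and ends outside the hunk.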