From 8b72916f1feffa3af65c99afd7900a1a1d2f03bb Mon Sep 17 00:00:00 2001
From: Aaron Bostick <aaron.bostick@dandsltd.com>
Date: Tue, 18 Apr 2017 10:07:12 -0500
Subject: [PATCH] next URI must be encoded in the form action for query strings
 to work on redirect.

---
 lib/controllers/login.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/controllers/login.js b/lib/controllers/login.js
index 0c932ba8..0e3cb79f 100644
--- a/lib/controllers/login.js
+++ b/lib/controllers/login.js
@@ -81,7 +81,7 @@ module.exports = function (req, res, next) {
       },
       'text/html': function () {
         var nextUri = url.parse(req.query.next || '').path;
-        var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + nextUri) : ''));
+        var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + encodeURIComponent(nextUri)) : ''));
 
         if (req.user && config.web.login.enabled) {
           var nextUrl = nextUri || config.web.login.nextUri;