web: fix the mechanism for forwarding to original page after login.

html/user/login_action.php

@@ -133,6 +133,7 @@ if ($id && $t && $h) {
 }
 
 $next_url = post_str("next_url", true);
+$next_url = urldecode($next_url);
 $next_url = sanitize_local_url($next_url);
 if (strlen($next_url) == 0) $next_url = "home.php";
 

html/user/login_form.php

@@ -22,8 +22,10 @@ require_once("../inc/account.inc");
 
 check_get_args(array("next_url"));
 
-$next_url = sanitize_local_url(get_str('next_url', true));
+$next_url = get_str('next_url', true);
 $next_url = urldecode($next_url);
+$next_url = sanitize_local_url($next_url);
+$next_url = urlencode($next_url);
 
 $u = "login_form.php?next_url=".$next_url;
 redirect_to_secure_url($u);