Diffstat (limited to 'src')
-rw-r--r--src/web/helpers/html.php8
-rw-r--r--src/web/router.php19
2 files changed, 20 insertions, 7 deletions
diff --git a/src/web/helpers/html.php b/src/web/helpers/html.php
index dc38e3a..2c90eca 100644
--- a/src/web/helpers/html.php
+++ b/src/web/helpers/html.php
@@ -12,6 +12,14 @@ function maybe_base64_encode(string $data): string {
}
}
+function maybe_base64_decode(string $data): string {
+ if (is_base64($data)) {
+ return base64_decode($data);
+ } else {
+ return $data;
+ }
+}
+
function esc(string $data): string {
$data = trim(preg_replace('/\s\s+/', ' ', $data));
$data = str_replace('&', '&', $data);
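Review bot: `maybe_base64_decode` guesses whether its input is encoded, so a plain value that happens to pass `is_base64` is silently turned into different bytes. `is_base64` is defined outside this hunk, but a short path such as `/abc` uses only base64-alphabet characters and would presumably qualify. An explicit marker on the encoded form (a prefix, or a separate parameter name) removes the ambiguity; failing that, decode strictly and fall back to the input: `$decoded = base64_decode($data, true); return $decoded === false ? $data : $decoded;`.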
diff --git a/src/web/router.php b/src/web/router.php
index 56f4156..55f17c3 100644
--- a/src/web/router.php
+++ b/src/web/router.php
@@ -82,6 +82,15 @@ class Router {
return $values;
}
+ private function get_redirect(): string {
+ $redirect = $_GET['redirect'] ?? $this->get_post_info('redirect') ?? '';
+ if (is_array($redirect)) {
+ $redirect = $redirect['redirect'];
+ }
+ $redirect = maybe_base64_decode($redirect);
+ return $redirect;
+ }
+
private function handle_login(): void {
$info = $this->get_post_info('username', 'password');
if ($info == NULL) {
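Review bot: `get_redirect()` returns a request-controlled value with no check on where it points, and it now prefers `$_GET['redirect']` over the posted field, so the query string of a login link decides the target. If `handle_login` later sends that value in a `Location` header (that part of the method is outside these hunks), this is an open redirect, so the value should be restricted to targets on this site before it is returned. Separately, a request with `?redirect[]=x` leaves `$redirect['redirect']` undefined and passes null to the `string` parameter of `maybe_base64_decode`, which throws a TypeError. The same value is consumed by the `handle_login` hunk and by the session-check hunk further down, so the validation belongs here rather than at each caller.

```php
private function get_redirect(): string {
    // … unchanged: read $_GET / POST value into $redirect …
    if (is_array($redirect)) {
        $redirect = $redirect['redirect'] ?? '';
    }
    if (!is_string($redirect) || $redirect === '') {
        return '';
    }
    // … unchanged: maybe_base64_decode() call …
    // Accept only a same-site path: one leading slash, not the
    // scheme-relative "//host" or "/\host" forms. Adjust the rule if
    // legitimate targets are full URLs on $this->domain.
    if (preg_match('#^/(?![/\\\\])#', $redirect) !== 1) {
        return '';
    }
    return $redirect;
}
```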
@@ -90,12 +99,7 @@ class Router {
return;
}
- $redirect = $this->get_post_info('redirect') ?? '';
- if (is_array($redirect)) {
- $redirect = $redirect['redirect'];
- $redirect = base64_decode($redirect);
- }
-
+ $redirect = $this->get_redirect();
$user = $this->ldap->search($info['username']);
if ($user == NULL || !count($user)) {
http_response_code(400);
@@ -155,7 +159,8 @@ class Router {
if ($session == NULL) {
// redirect them to login
http_response_code(303);
- header("Location: http://{$this->domain}/login");
+ $redirect = maybe_base64_encode($this->get_redirect());
+ header("Location: http://{$this->domain}/login?redirect={$redirect}");
} else {
// update session expiry
$session->reset_expiry();
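Review bot: The `redirect` value is placed into the `Location` query string without URL-encoding. Base64 output can contain `+`, `/` and `=`, and PHP reads `+` in a query string as a space, so the value the login page receives may not decode to what was sent; `maybe_base64_encode` may also pass some inputs through unchanged (its body is not visible here), which would put raw request data into the header. Wrap the value: `$redirect = rawurlencode(maybe_base64_encode($this->get_redirect()));`. The login URL is still built with `http://`, as before this commit; if the deployment serves HTTPS, the scheme should follow it so credentials are not posted in the clear.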