backurl base64

app/controllers/account_controller.rb

@@ -451,8 +451,8 @@ class AccountController < ApplicationController
     eval("code = " + "/^" + home_url.gsub(/\//,"\\\/") + "\\\/*(welcome)?\\\/*(\\\/index\\\/*.*)?\$/")
     if (code=~params[:back_url] || params[:back_url].to_s.include?('lost_password')) && last_login_on != ''
       redirect_to user_activities_path(user,host: Setting.host_user)
-    elsif params[:back_url]
-      redirect_to params[:back_url]
+    elsif params[:back_url64]
+      redirect_to Base64.urlsafe_decode64(params[:back_url64])
     else
       if last_login_on == ''
         redirect_to my_account_url

app/controllers/oauth_controller.rb

@@ -144,8 +144,9 @@ class OauthController < ApplicationController
 
   private
   def require_login
+    require "base64"
     if !User.current.logged?
-      redirect_to '/login?back_url='+request.original_url
+      redirect_to '/login?back_url64='+Base64.urlsafe_encode64(request.original_url)
     end
   end