Login form does not safe encode next query parameter

[KamalAman]

In the Login form when the user needs to be authenticated, the next query parameter does is not URI encoded with encodeURIComponent.

Example

request /resource?pretty&test=1
Authentication Failed
redirect login?next=/resource?pretty&test=1

However the redirect should be
redirect login?next=%2Fresource%3Fpretty%26test%3D1

Proposed change: Add encodeURIComponent when setting next, and decodeURIComponent when redirecting after successful login

  var nextUri = url.parse(req.query.next || '').path;
  var formActionUri = (config.web.login.uri + (nextUri ? ('?next=' + encodeURIComponent(nextUri)) : ''));

   if (req.user && config.web.login.enabled) {
      var nextUrl = decodeURIComponent(nextUri || config.web.login.nextUri);
      return res.redirect(302, nextUrl);
   }

Currently, the original query parameters after the first one does not get included when redirected

[robertjd]

Thanks @KamalAman ! We'll get this fixed.