diff -ruN e-smith-manager-2.4.0.old/root/etc/e-smith/web/common/cgi-bin/login e-smith-manager-2.4.0/root/etc/e-smith/web/common/cgi-bin/login
--- e-smith-manager-2.4.0.old/root/etc/e-smith/web/common/cgi-bin/login 2013-01-31 13:31:37.000000000 -0800
+++ e-smith-manager-2.4.0/root/etc/e-smith/web/common/cgi-bin/login 2013-02-23 21:40:35.000000000 -0800
@@ -101,6 +101,7 @@
 $back ||= $q->param($at->back_arg_name) if $at->back_arg_name;
 #warn "back from cgi param is $back\n" if $back;
 $back ||= $ENV{HTTP_REFERER} if $ENV{HTTP_REFERER} && $BACK_REFERER;
+$back = uri_unescape($back) if $back && $back =~ m/^https?%3A%2F%2F/i;
 $back =~ s/^http:/https:/;
 #warn "back is $back\n";
 if ($back && $back =~ m!^/!) {
@@ -113,7 +114,7 @@
 $back = 'http://' . $back;
 #warn "back is $back\n";
 }
-$back = uri_unescape($back) if $back && $back =~ m/^https?%3A%2F%2F/;
+
 #warn "back is $back\n";
 my $back_esc = uri_escape($back) if $back;
 my $back_html = escapeHTML($back) if $back;
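Review bot: The new `/i` on the decode test in the first hunk accepts a value such as `HTTP%3A%2F%2F…`, but the `s/^http:/https:/` on the following line is still case-sensitive, so a mixed-case scheme is decoded and then skips the https upgrade; `$back =~ s/^http:/https:/i;` would keep the two lines consistent. Because `uri_unescape` decodes the whole request-supplied value (CGI parameter or Referer), any encoded CR/LF or other control characters become raw bytes before the later checks; if `$back` ends up in a redirect header (not visible here), rejecting them right after the decode is worth adding, e.g. `undef $back if $back && $back =~ /[\x00-\x1f\x7f]/;`. Nothing in the visible lines restricts the decoded URL to this server's own host, which is the usual open-redirect check for a login return URL; the code between the two hunks is outside the diff, so confirm whether that check happens there.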