diff -Nur e-smith-manager-2.8.0.old/root/etc/e-smith/web/common/cgi-bin/login e-smith-manager-2.8.0/root/etc/e-smith/web/common/cgi-bin/login
--- e-smith-manager-2.8.0.old/root/etc/e-smith/web/common/cgi-bin/login 2017-03-25 23:40:27.418000000 -0400
+++ e-smith-manager-2.8.0/root/etc/e-smith/web/common/cgi-bin/login 2017-03-25 23:45:23.288000000 -0400
@@ -101,7 +101,7 @@
 #warn "back from cgi param is $back\n" if $back;
 $back ||= $ENV{HTTP_REFERER} if $ENV{HTTP_REFERER} && $BACK_REFERER;
 $back = uri_unescape($back) if $back && $back =~ m/^https?%3A%2F%2F/i;
-$back =~ s/^http:/https:/ if $server_name ne 'localhost';
+$back =~ s/^http:/https:/ if $server_name ne 'localhost' && defined($back;
 #warn "back is $back\n";
 if ($back && $back =~ m!^/!) {
 my $hostname = $server_name;
@@ -132,7 +132,10 @@
 my $b = URI->new($back);
 # If $back domain doesn't match $AUTH_DOMAIN, stop there do not give opportunity to log in
 my $domain = $AUTH_DOMAIN || $server_name;
-if ($b->host !~ m/\b$domain$/i) {
+if (! defined($back)) {
+ $fatal="Missing redirection parameter: \"back\"
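Review bot: The added line `+$back =~ s/^http:/https:/ if $server_name ne 'localhost' && defined($back;` is missing the closing parenthesis of `defined(`, which is a syntax error, so the login script will not compile at all once this patch is applied. It should read `$back =~ s/^http:/https:/ if defined($back) && $server_name ne 'localhost';`, with the `defined` test first so it reads as the guard it is. The same undefined-`$back` concern applies to the second hunk, where `my $b = URI->new($back);` still runs before that hunk's new `if (! defined($back))` check, so an undefined `$back` presumably reaches `URI->new` ahead of the guard; moving the check above the `URI->new` call would close that gap (that hunk's tail is cut off in this view).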
\nPlease manually enter the address you were trying to reach if you followed a link.
\n"; +} +if (defined($back) && $b->host !~ m/\b$domain$/i) { $fatal="Bad redirection parameter: \"$back\" is not an authorized redirection.
\nYou may be experiencing an attack.
\nLogin is not possible on the above URL for your own security.
\nPlease manually enter the address you were trying to reach if you followed a link.";
 }