diff --git a/account.php b/account.php
index aa23a3d..8a563d5 100644
--- a/account.php
+++ b/account.php
@@ -209,7 +209,7 @@ function cmd_do_login()
 
     if($iResult == SUCCESS)
     {
-        $sReturnUrl = $aClean['sReturnTo'];
+        $sReturnUrl = urldecode($aClean['sReturnTo']);
         if(!$sReturnUrl)
             $sReturnUrl = apidb_fullurl("index.php");
         addmsg("You are successfully logged in as '$oUser->sRealname'.", "green");
diff --git a/include/util.php b/include/util.php
index a81e581..3462e78 100644
--- a/include/util.php
+++ b/include/util.php
@@ -907,7 +907,7 @@ function util_trim_description($sDescription)
    to the current page once he has logged in */
 function login_url()
 {
-    $sCurrentUrl = $_SERVER['REQUEST_URI'];
+    $sCurrentUrl = urlencode($_SERVER['REQUEST_URI']);
     $sLoginUrl = BASE."account.php?sCmd=login";
 
     /* If we are on the login page that means the URL already contains an sReturnTo value,