--- shib_auth.module.orig       2009-05-07 14:21:58.000000000 +0200
+++ shib_auth.module.urlencode  2009-08-08 15:51:04.000000000 +0200
@@ -289,7 +289,7 @@
       $handler = $handlerprotocol ."://". $_SERVER['HTTP_HOST'] . $handlerurl . $wayfuri;
     }
     //$actuallocation: the path where the Shibboleth should return
-    $actuallocation = (isset($_SERVER['HTTPS']) ? 'https' : 'http') .'://'. $_SERVER['HTTP_HOST'] . request_uri();
+    $actuallocation = urlencode((isset($_SERVER['HTTPS']) ? 'https' : 'http') .'://'. $_SERVER['HTTP_HOST'] . request_uri());
 
     // If there is no session yet then we should put the login text into the block
     $block_content .= "<p><b><a href=\"$handler?target=$actuallocation\">"