PHPBB 2.0.11 redirect bug

DISCLAIMER: I don't use phpBB and i discourage anyone from using it. I just fixed this bug for a friend. I have no plans to use phpBB in the near future, unless it is absolutely necessary or if an overwhelming feeling of laziness strikes me. Also, note that this fix is not advisable unless you're not planning to patch up phpBB.

There is a bug in phpBB 2.0.11 that redirects a user to a url like http://...http://... when logging in and out. Nukefixes suggested a fix.

That is, by editing login.php and using the variable
$header_location = ( @preg_match("/Microsoft|WebSTAR|Xitami/", $_SERVER["SERVER_SOFTWARE"]) ) ? "Refresh: 0; URL=" : "Location: ";
then replacing
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
redirect(append_sid($url, true));
with
header($header_location . append_sid("index.$phpEx", true));
exit;
Note that this is BAD programming practice. However, it just works, so for this purpose, i didn't feel bad using this.

After fixing that, tho. There will still be a problem logging out. So you should replace the next
redirect(append_sid("index.$phpEx", true));
that comes after
else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
with
header($header_location . append_sid("index.$phpEx", true));
exit;
which is the same thing as that above.

Two other problems will be the "Profile" and "Log in to check your private messages" links when clicked while not logged in. Those links will point to the same faulty url.

To fix these, profile.php and privmsg.php should be edited using the same variable $header_location, replace the string:
redirect(
(if the line it's in starts with it) with
header($header_location .
and add a line:
exit;
after that.

That should do it.