I moved ZP to the root. Same problem. hence I do not think it's a redirect issue. I asked my provider to enable mod_rewrite.
Here are the according 1.4.4 code snippets:
function sanitizeRedirect($redirectTo, $forceHost=false) {
$redirect = NULL;
if ($redirectTo && $redir = parse_url($redirectTo)) {
if (isset($redir['scheme']) && isset($redir['host'])) {
$redirect .= $redir['scheme'].'://'.sanitize($redir['host']);
} else {
if ($forceHost) {
$redirect .= SERVER_PROTOCOL.'://'.$_SERVER['HTTP_HOST'];
if(strpos($redirectTo, WEBPATH) === false) {
$redirect .= WEBPATH;
}
function zp_handle_password($authType=NULL, $check_auth=NULL, $check_user=NULL) {
...
$success = zp_apply_filter('guest_login_attempt', $success, $post_user, $post_pass, $authType);;
if ($success) {
// Correct auth info. Set the cookie.
if (DEBUG_LOGIN) debugLog("zp_handle_password: valid credentials");
zp_setCookie($authType, $auth);
if (isset($_POST['redirect'])) {
$redirect_to = sanitizeRedirect($_POST['redirect'], true);
if (!empty($redirect_to)) {
header("Location: " . $redirect_to);
exitZP();
}
}