PR: https://github.com/mantisbt/mantisbt/pull/2222

For example, the “/admin/login_page.php?return=admin%2Findex.php” is converted to “admin/login_page.php?return=admin%2Findex.php” for "Login" button.

Oops, I meant that the link for the button should be “/login_page.php?return=admin%2Findex.php”, but because the “/” is missing, it turns into “login_page.php?return=admin%2Findex.php” and since the button is on the “/admin/” page, the full path becomes “/admin/login_page.php?return=admin%2Findex.php”.

Nice catch, thanks @raspopov.

MantisBT must be located in the root directory of the site, i.e., $g_short_path = '/'.

Just checking - are you actually setting $g_short_path (because normally you should not), or just stating that it holds / as set by core.php ?

By core.php, automatically.

I decided to write comprehensive tests for all execution paths within the string_sanitize_url() function and address all the “FIXME” markers. Surprisingly, the tests failed....

The patch I proposed fixes one bug but introduces another, albeit a less serious one. When calling the function with the absolute path flag (which wasn’t checked in the tests), the “/” is duplicated — for example, the link “https://localhost/css/default.css” becomes “https://localhost//css/default.css”.

I am proposing a new patch to restore the string changed in the previous patch, which also fixes the missing “/” error using a different method. It also resolves the issue of the '$g_short_path' string not being searched for thoroughly enough in the processed path. The new code also removes the double “/” characters where the $g_path, $g_short path, and query strings are merged.

https://github.com/mantisbt/mantisbt/pull/2224