2 files changed, 4 insertions, 4 deletions

diff --git a/modules/viewvc/files/setcookieredirect.html b/modules/viewvc/files/setcookieredirect.html
index 17322c18..fe98b9dc 100644
--- a/modules/viewvc/files/setcookieredirect.html
+++ b/modules/viewvc/files/setcookieredirect.html
@@ -10,9 +10,9 @@
             });
             let path = params.to;
             // Sanitize redirect path to avoid malicious arbitrary redirects
-            if (/^\/[-a-zA-Z0-9~_.?&=/+]*$/.test(decodeURI(path))) {
+            if (/^\/[-a-zA-Z0-9~_.?&=/+]*$/.test(decodeURIComponent(path))) {
                 const current = new URL(window.location.toLocaleString());
-                window.location.href = current.origin + encodeURI(decodeURI(path));
+                window.location.href = encodeURI(current.origin + decodeURIComponent(path));
             } else {
                 window.onload = function() {
                     document.getElementById('error').innerHTML = 'Error! Bad redirect location!';
diff --git a/modules/viewvc/manifests/init.pp b/modules/viewvc/manifests/init.pp
index e1d336c9..bd676f29 100644
--- a/modules/viewvc/manifests/init.pp
+++ b/modules/viewvc/manifests/init.pp
@@ -62,13 +62,13 @@ class viewvc {
 
     apache::vhost::base { $viewvc::var::hostname:
         aliases => $vhost_aliases,
-        content => template('apache/vhost_fcgid.conf'),
+        content => template('apache/vhost_fcgid_norobot.conf'),
     }
 
     apache::vhost::base { "ssl_${viewvc::var::hostname}":
         vhost   => $viewvc::var::hostname,
         use_ssl => true,
         aliases => $vhost_aliases,
-        content => template('apache/vhost_fcgid.conf'),
+        content => template('apache/vhost_fcgid_norobot.conf'),
     }
 }