diff --git a/wp-admin/options.php b/wp-admin/options.php
index f21fb228a8..610e54c857 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -86,7 +86,7 @@ case 'update':
 $referred = str_replace('?updated=true' , '', $_SERVER['HTTP_REFERER']);
 $goback = str_replace('?updated=true', '', $_SERVER['HTTP_REFERER']) . '?updated=true';
- $goback = preg_replace('|[^a-z?=&/~.:_-]|i', '', $goback);
+ $goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
 header('Location: ' . $goback);
 break;
diff --git a/wp-admin/post.php b/wp-admin/post.php
index 6992d393f0..c0eece3b11 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -458,7 +458,7 @@ case 'delete':
 $sendback = $_SERVER['HTTP_REFERER'];
 if (strstr($sendback, 'post.php'))
 $sendback = get_settings('siteurl') .'/wp-admin/post.php';
- $sendback = preg_replace('|[^a-z?=&/~.:_-]|i', '', $sendback);
+ $sendback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $sendback);
 header ('Location: ' . $sendback);
 do_action('delete_post', $post_id);
 break;
diff --git a/wp-comments-post.php b/wp-comments-post.php
index c91e8dae0c..c9d1ccc587 100644
--- a/wp-comments-post.php
+++ b/wp-comments-post.php
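Review bot: The widened character class on the `+ $goback = preg_replace(...)` line still leaves `$goback` free to name any host, because `:` and `/` pass the filter and the value is built from the caller-supplied `$_SERVER['HTTP_REFERER']`; stripping characters is not the same as validating the destination, so the `header('Location: ' . $goback)` that follows can still send the browser off-site. The same applies to `$sendback` in the wp-admin/post.php hunk and to `$redirect_to` (from `$_POST['redirect_to']`) in the wp-login.php hunk, so one shared check is warranted rather than three regexes. A host comparison against the site's own URL, which post.php already reads via `get_settings('siteurl')`, closes the gap while keeping relative targets working: `$site_host = parse_url(get_settings('siteurl'), PHP_URL_HOST);` `$goback_host = parse_url($goback, PHP_URL_HOST);` `if ($goback_host !== null && $goback_host !== $site_host) $goback = get_settings('siteurl') . '/wp-admin/options.php?updated=true';`. Note also that `%` is still stripped, so percent-encoded referrer query values are silently mangled rather than preserved; the `case 'update':` block continues outside the hunk.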
@@ -89,16 +89,16 @@ if ((get_settings('comments_notify')) && ($approved)) {
 wp_notify_postauthor($comment_ID, 'comment');
 }
-setcookie('comment_author_' . $cookiehash, stripslashes($author), time() + 30000000, COOKIEPATH);
-setcookie('comment_author_email_' . $cookiehash, stripslashes($email), time() + 30000000, COOKIEPATH);
-setcookie('comment_author_url_' . $cookiehash, stripslashes($url), time() + 30000000, COOKIEPATH);
+setcookie('comment_author_' . COOKIEHASH, stripslashes($author), time() + 30000000, COOKIEPATH);
+setcookie('comment_author_email_' . COOKIEHASH, stripslashes($email), time() + 30000000, COOKIEPATH);
+setcookie('comment_author_url_' . COOKIEHASH, stripslashes($url), time() + 30000000, COOKIEPATH);
 header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
 header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
 header('Cache-Control: no-cache, must-revalidate');
 header('Pragma: no-cache');
-$location = (empty($_POST['redirect_to'])) ? $_SERVER["HTTP_REFERER"] : $_POST['redirect_to'];
-$location = preg_replace('|[^a-z?=&/~.:_-]|i', '', $location);
+
+$location = get_permalink($comment_ID);
 if ($is_IIS) {
 header("Refresh: 0;url=$location");
diff --git a/wp-login.php b/wp-login.php
index 9e0115cf8b..4534a55b2d 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -139,7 +139,7 @@ default:
 if( !empty($_POST) ) {
 $log = $_POST['log'];
 $pwd = $_POST['pwd'];
- $redirect_to = preg_replace('|[^a-z?=&/~.:_-]|i', '', $_POST['redirect_to']);
+ $redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_POST['redirect_to']);
 }
 $user = get_userdatabylogin($log);
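Review bot: `$location = get_permalink($comment_ID);` hands a comment ID to a function whose name suggests it expects a post ID, so unless get_permalink also accepts comment IDs (worth confirming against its definition, which is outside this hunk) the redirect will resolve to an unrelated post or to no post at all. The post the comment belongs to is the value that should be passed here, and if the intent is to land the reader on the new comment, append `'#comment-' . $comment_ID` to the result; the `#` is already handled by the fragment syntax rather than the old character filter. Deriving the target from stored data instead of `$_POST['redirect_to']` / `$_SERVER["HTTP_REFERER"]` is the right direction, since it removes the caller-controlled value from the `Refresh: 0;url=$location` header shown here and presumably from the non-IIS `Location` header below it. The `if ($is_IIS)` branch continues outside the hunk.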