Index: wp-login.php
===================================================================
--- wp-login.php	(revision 2569)
+++ wp-login.php	(working copy)
@@ -23,12 +23,17 @@
 case 'logout':
 
 	wp_clearcookie();
-	do_action('wp_logout');
+	// do_action('wp_logout');       No plugins are loaded... so this is absolutely useless
 	header('Expires: Wed, 11 Jan 1984 05:00:00 GMT');
 	header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
 	header('Cache-Control: no-cache, must-revalidate, max-age=0');
 	header('Pragma: no-cache');
-	wp_redirect('wp-login.php');
+	
+	$redirect_to = 'wp-login.php';
+	if ( isset($_REQUEST['redirect_to']) )
+		$redirect_to = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $_REQUEST['redirect_to']);
+			
+	wp_redirect($redirect_to);
 	exit();
 
 break;
@@ -182,7 +187,7 @@
 
 	if ($user_login && $user_pass) {
 		$user = get_userdatabylogin($user_login);
-		if ( 0 == $user->user_level )
+		if ( 0 == $user->user_level && (empty($_REQUEST['redirect_to']) || $_REQUEST['redirect_to'] == 'wp-admin/') )
 			$redirect_to = get_settings('siteurl') . '/wp-admin/profile.php';
 
 		if ( wp_login($user_login, $user_pass, $using_cookie) ) {