[1.1.X] Fixed #11457: tightened the security check for "next" redirects after logins.

The new behavior still disallows redirects to off-site URLs, but now allows
redirects of the form `/some/other/view?foo=http://...`.

Thanks to brutasse.

Backport of [12635] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@12636 bcc190cf-cafb-0310-a4f2-bffc1f526a37