drupal_goto() does not take query string the way I expected.
A friend of mine contacted me about a problem he was having on his site. He was doing a lot of tests with login/logout and he had the login_security module enabled. This little module will ban users automatically if they enter the wrong password too many times.
My friend was getting redirected to a page not found when trying to login and he did not understand why. I looked into it and it took me some time to figure out that the problem was with the way drupal_goto() was being called.
The first parameter of drupal_goto() must a drupal path without any query string. But the author of login_security had passed the value being returned from drupal_get_destination(). The value was a query string format which caused the error.
The query string for drupal_goto() is NOT the first parameter. Go read the API documentation :)
Make a Payment to Christian Roy