mirror of https://github.com/TryGhost/Ghost.git synced 2025-01-20 22:42:53 -05:00

Handled bad redirect URLs for private sites

no issue

- Sentry flagged up a redirect URL for the POST action of accessing a
  private site which would throw a 500
- `decodeURIComponent` would throw an error if it was passed bad data
- this commit moves the `decodeURIComponent` inside the try-catch to
  handle the error
Daniel Lockyer 2020-03-02 08:18:49 +00:00
parent c9af8844ba
commit 65d258972b


@ -22,9 +22,8 @@ function verifySessionHash(salt, hash) {
}
function getRedirectUrl(query) {
const redirect = decodeURIComponent(query.r || '/');
try {
const redirect = decodeURIComponent(query.r || '/');
return url.parse(redirect).pathname;
} catch (e) {
return '/';