diff --git a/app/controllers/system/AuthController.php b/app/controllers/system/AuthController.php
index 10486ae2f5..034d9fed9b 100644
--- a/app/controllers/system/AuthController.php
+++ b/app/controllers/system/AuthController.php
@@ -218,6 +218,7 @@ private function _getRedirectUrl() {
 $host = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'];
 $redirect_url = $this->request->getParameter('redirect', pString, null, ['forcePurify' => true]) ?: caNavUrl($this->request, null, null, null);
+ $redirect_url = preg_replace("![^A-Za-z0-9/:\?\._\*\+\-]+.*!", '', $redirect_url);
 if(!preg_match('!^'.preg_quote($host, '!').'!', $redirect_url)) {
 $redirect_url = null;
 }
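Review bot: The added preg_replace cuts the redirect at the first character outside its class, and `=`, `&`, `#`, `%` and `@` are not in that class, so a `redirect` value carrying a query string or percent-encoding (`?page=2&sort=x`) is silently reduced to `?page` before the host check runs; rejecting input that contains unwanted characters is safer than rewriting it into a different URL. The strip also leaves the following prefix check as it was: `^` plus preg_quote($host) with no boundary accepts any URL whose authority merely begins with the request host, since a longer hostname still matches. If the intent of the new line is to keep control characters and whitespace out of the Location header (presumably, given `forcePurify` already handles markup), a reject-on-control-byte test plus an anchored host match covers both points in one condition: `if (preg_match('/[\x00-\x20\x7f]/', $redirect_url) || !preg_match('!^'.preg_quote($host, '!').'(?:[/?#]|$)!', $redirect_url)) {`. Note that `$_SERVER['HTTP_HOST']` is client-supplied, so the comparison is only as trustworthy as the web server's host canonicalisation. The rest of `_getRedirectUrl()`, including its return, lies outside this hunk.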