diff --git a/system/login.php b/system/login.php
index 095b849cd..9f6d7454d 100644
--- a/system/login.php
+++ b/system/login.php
@@ -42,12 +42,6 @@
 $logged = false;
 unset($account_logged);
-
- if(isset($_REQUEST['redirect']))
- {
- header('Location: ' . urldecode($_REQUEST['redirect']));
- exit;
- }
 }
 }
 }
diff --git a/system/pages/accountmanagement.php b/system/pages/accountmanagement.php
index 498fe895f..573fc2df4 100644
--- a/system/pages/accountmanagement.php
+++ b/system/pages/accountmanagement.php
@@ -52,9 +52,16 @@
 {
 $redirect = urldecode($_REQUEST['redirect']);
+ // should never happen, unless hacker modify the URL
+ if (strpos($_REQUEST['redirect'], BASE_URL) === false) {
+ error('Fatal error: Cannot redirect outside the website.');
+ return;
+ }
+
 $twig->display('account.redirect.html.twig', array(
 'redirect' => $redirect
 ));
+ return;
 }
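Review bot: The guard added in accountmanagement.php is a substring test rather than a prefix test: `strpos($_REQUEST['redirect'], BASE_URL) === false` accepts any value that merely contains BASE_URL somewhere (for instance inside the path or query component of a foreign URL), so the redirect can still leave the site. It also inspects the raw request value while the template is given the urldecoded `$redirect`, so the string that is checked and the string that is used can differ. Anchor the check to the start of the decoded value, `if (strpos($redirect, BASE_URL) !== 0) {` (or `str_starts_with($redirect, BASE_URL)` on PHP 8), and make sure BASE_URL ends with a `/` so that a longer host name sharing the prefix is not accepted; comparing `parse_url($redirect, PHP_URL_HOST)` against the site's own host is the more robust form. The condition that opens this block, and the code that consumes the rendered redirect, are outside the hunk.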