diff --git a/resources/login.php b/resources/login.php
index 8c743553fe..251064d97e 100644
--- a/resources/login.php
+++ b/resources/login.php
@@ -242,8 +242,15 @@
 //set variable if not set
 if (!isset($_SESSION['login']['domain_name_visible']['boolean'])) {
 $_SESSION['login']['domain_name_visible']['boolean'] = null;
 }
-//set a default login destination
- if (strlen($_SESSION['login']['destination']['url']) == 0) {
+//santize the login destination url and set a default value
+ if (isset($_SESSION['login']['destination']['url'])) {
+ $destination_path = parse_url($_SESSION['login']['destination']['url'])['path'];
+ $destination_query = parse_url($_SESSION['login']['destination']['url'])['query'];
+ $destination_path = preg_replace('#[^a-zA-Z0-9_\-\./]#', '', $destination_path);
+ $destination_query = preg_replace('#[^a-zA-Z0-9_\-\./&=]#', '', $destination_query);
+ $_SESSION['login']['destination']['url'] = (strlen($destination_query) > 0) ? $destination_path.'?'.$destination_query : $destination_path;
+ }
+ else {
 $_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/user_settings/user_dashboard.php";
 }
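Review bot: The dashboard default is no longer applied when the session key exists but holds an empty string, the case the removed `strlen(...) == 0` check covered: the new `isset` branch runs, `parse_url('')` yields an empty path, and the stored destination becomes `''`. In the same branch `parse_url()` is called twice, its `false` return on a malformed value is not handled, and a destination without a query string leaves `['query']` undefined, so a null subject reaches `preg_replace()` (deprecated since PHP 8.1) and the undefined-index warning is emitted on every such login. Parse once with `??` defaults and fall back to the dashboard whenever the sanitized path is empty, as below (the comment's "santize" could be corrected at the same time). Because the whitelist keeps `/`, a sanitized path can still begin with several slashes; if the stored destination is always site-relative, normalizing it to a single leading slash would be a cheap extra guard, but confirm that against where the value is first set, which is outside this hunk.
```php
//sanitize the login destination url and set a default value
	$destination_parts = parse_url($_SESSION['login']['destination']['url'] ?? '') ?: [];
	$destination_path = preg_replace('#[^a-zA-Z0-9_\-\./]#', '', $destination_parts['path'] ?? '');
	$destination_query = preg_replace('#[^a-zA-Z0-9_\-\./&=]#', '', $destination_parts['query'] ?? '');
	if ($destination_path === '') {
		$_SESSION['login']['destination']['url'] = PROJECT_PATH."/core/user_settings/user_dashboard.php";
	}
	else {
		$_SESSION['login']['destination']['url'] = ($destination_query !== '') ? $destination_path.'?'.$destination_query : $destination_path;
	}
```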