1 files changed, 2 insertions, 1 deletions

diff --git a/index.php b/index.php
index b90b1b310a9..e3c94adf66f 100755
--- a/index.php
+++ b/index.php
@@ -69,6 +69,7 @@ elseif(OC_User::isLoggedIn()) {
 
 // For all others cases, we display the guest page :
 } else {
+	OC_App::loadApps(array('prelogin'));
 	$error = false;
 	// remember was checked after last login
 	if(isset($_COOKIE["oc_remember_login"]) && isset($_COOKIE["oc_token"]) && isset($_COOKIE["oc_username"]) && $_COOKIE["oc_remember_login"]) {
@@ -121,7 +122,7 @@ elseif(OC_User::isLoggedIn()) {
 	if(!array_key_exists('sectoken', $_SESSION) || (array_key_exists('sectoken', $_SESSION) && is_null(OC::$REQUESTEDFILE)) || substr(OC::$REQUESTEDFILE, -3) == 'php'){
 		$sectoken=rand(1000000,9999999);
 		$_SESSION['sectoken']=$sectoken;
-		$redirect_url = (isset($_REQUEST['redirect_url'])) ? $_REQUEST['redirect_url'] : $_SERVER['REQUEST_URI'];
+		$redirect_url = (isset($_REQUEST['redirect_url'])) ? OC_Util::sanitizeHTML($_REQUEST['redirect_url']) : $_SERVER['REQUEST_URI'];
 		OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => $redirect_url));
 	}
 }