diff --git a/system/pages/account/manage.php b/system/pages/account/manage.php
index 615ffdc7..d0a3eb75 100644
--- a/system/pages/account/manage.php
+++ b/system/pages/account/manage.php
@@ -21,6 +21,12 @@ if(!$logged) {
 if(isset($_REQUEST['redirect'])) {
 $redirect = urldecode($_REQUEST['redirect']);
+
+ // should never happen, unless hacker modify the URL
+ if (!str_contains($redirect, BASE_URL)) {
+ error('Fatal error: Cannot redirect outside the website.');
+ return;
+ }
 $twig->display('account.redirect.html.twig', array(
 'redirect' => $redirect
diff --git a/system/pages/account/redirect.php b/system/pages/account/redirect.php
index 16659160..78bc54d9 100644
--- a/system/pages/account/redirect.php
+++ b/system/pages/account/redirect.php
@@ -13,7 +13,7 @@ defined('MYAAC') or die('Direct access not allowed!');
 $redirect = urldecode($_REQUEST['redirect']);
 // should never happen, unless hacker modify the URL
-if (!str_contains($_REQUEST['redirect'], BASE_URL)) {
+if (!str_contains($redirect, BASE_URL)) {
 error('Fatal error: Cannot redirect outside the website.');
 return;
 }
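Review bot: The guard added in manage.php, `if (!str_contains($redirect, BASE_URL))`, only checks that BASE_URL occurs somewhere in the string, so a URL pointing at another host that merely carries BASE_URL in its path or query string still passes and the off-site redirect the check is meant to block is not actually prevented; the corrected line in redirect.php has the same weakness. The comparison needs to be anchored, e.g. `if (!str_starts_with($redirect, BASE_URL)) {`, and since it is not visible here whether BASE_URL ends with a slash, a stricter form compares `parse_url($redirect, PHP_URL_HOST)` (and scheme) against the host of BASE_URL and rejects any mismatch. Note that `$redirect` is urldecode()d after PHP has already decoded the request parameter, so the double-decoded value is what gets checked; that is acceptable only as long as the very same `$redirect` is what the template and redirect.php finally redirect to, which the hunks suggest but do not fully show. The enclosing `if(!$logged)` block in manage.php starts outside the hunk.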