diff --git a/system/logout.php b/system/logout.php
index 4f653ecbe..dd72a455a 100644
--- a/system/logout.php
+++ b/system/logout.php
@@ -22,11 +22,5 @@ $logged = false;
 unset($account_logged);
-
-if(isset($_REQUEST['redirect']))
-{
-header('Location: ' . urldecode($_REQUEST['redirect']));
-exit;
-}
 }
 }
diff --git a/system/pages/account/redirect.php b/system/pages/account/redirect.php
index 8abff630b..166591609 100644
--- a/system/pages/account/redirect.php
+++ b/system/pages/account/redirect.php
@@ -12,6 +12,12 @@ $redirect = urldecode($_REQUEST['redirect']);
+// should never happen, unless hacker modify the URL
+if (!str_contains($_REQUEST['redirect'], BASE_URL)) {
+ error('Fatal error: Cannot redirect outside the website.');
+ return;
+}
+
 $twig->display('account.redirect.html.twig', array(
 'redirect' => $redirect
 ));
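Review bot: `str_contains($_REQUEST['redirect'], BASE_URL)` is a substring test, so an absolute URL to another host that merely carries the site's base URL somewhere in its path or query string still passes and the page goes on to hand that target to the template; the match should be anchored, e.g. `if (!str_starts_with($redirect, BASE_URL)) {`, and it is more robust to `parse_url()` the value and compare its scheme and host against those of BASE_URL (or to accept only same-site relative paths) than to compare strings at all. The test should also run on the decoded `$redirect` assigned on the preceding line, since that is the value actually passed to `$twig->display()`, rather than on the raw request parameter. When `redirect` is missing from the request, both the existing `urldecode()` call and the new `str_contains()` receive null; `$redirect = urldecode($_REQUEST['redirect'] ?? '');` would avoid the null-argument deprecation (a TypeError under strict types) and let the guard reject the empty value cleanly. The comment would be clearer as `// Reject redirect targets outside this site (open-redirect protection).`.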