diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 4fdeb12d3a..0cf1ab0f24 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2352,6 +2352,12 @@ function redirect($url, $return = false, $disable_cd_check = false)
 		trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
 	}
 
+	// Make sure we don't redirect to external URLs
+	if (!$disable_cd_check && strpos($url, generate_board_url(true) . '/') !== 0)
+	{
+		trigger_error('Tried to redirect to potentially insecure url.', E_USER_ERROR);
+	}
+
 	// Make sure no linebreaks are there... to prevent http response splitting for PHP < 4.4.2
 	if (strpos(urldecode($url), "\n") !== false || strpos(urldecode($url), "\r") !== false || strpos($url, ';') !== false)
 	{
diff --git a/tests/security/redirect_test.php b/tests/security/redirect_test.php
index 21fb103ed1..0631365292 100644
--- a/tests/security/redirect_test.php
+++ b/tests/security/redirect_test.php
@@ -51,6 +51,9 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
 			array('../index.php', false, false, 'http://localhost/index.php'),
 			array('../index.php', true, false, 'http://localhost/index.php'),
 			array('./index.php', false, false, 'http://localhost/phpBB/index.php'),
+			array('https://foobar.com\@http://localhost/phpBB', false, false, 'http://localhost/phpBB'),
+			array('https://foobar.com\@localhost/troll/http://localhost/', false, 'INSECURE_REDIRECT', false),
+			array('http://localhost.foobar.com\@localhost/troll/http://localhost/', false, 'INSECURE_REDIRECT', false),
 		);
 	}