diff --git a/user/tabs.php b/user/tabs.php
index 85dd670723a..a67986f34e5 100644
--- a/user/tabs.php
+++ b/user/tabs.php
@@ -9,6 +9,10 @@
         $filterselect = '';
     }
 
+    //make sure everything is cleaned properly
+    $filtertype   = clean_param($filtertype, PARAM_ALPHA);
+    $filterselect = clean_param($filterselect, PARAM_INT);
+
     if (empty($currenttab) or empty($user) or empty($course)) {
         //error('You cannot call this script in that way');
     }