Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v
diff -u -r1.133.2.40 -r1.133.2.41
--- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 22 May 2014 21:11:43 -0000 1.133.2.40
+++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 23 May 2014 13:42:28 -0000 1.133.2.41
@@ -2148,6 +2148,8 @@
 # is not secure bug in IE
 set use_metarefresh_p 1
 }
+ # Sanitize URL to avoid potential injection attack
+ regsub -all {[\r\n]} $url "" url
 if { $use_metarefresh_p != 0 } {
 util_ReturnMetaRefresh $url
 } else {
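Review bot: The added `regsub -all {[\r\n]} $url "" url` removes only CR and LF, which addresses header splitting on a header-based redirect (presumably the `else` branch, whose body is outside the hunk), but the `util_ReturnMetaRefresh $url` branch passes the same value on to what its name suggests is an HTML meta-refresh page, where quotes and angle brackets matter rather than line breaks. Whether that proc HTML-quotes its argument is not visible here and should be confirmed. The strip is also silent, so a request that carried CR/LF in the redirect target leaves no trace for anyone reviewing logs; because `regsub` with a variable name returns the substitution count, the line could become `if {[regsub -all {[\r\n]} $url "" url]} { ns_log Warning "CR/LF stripped from redirect URL" }`. The comment would help the next reader more if it named the threat, e.g. `# Strip CR/LF so the URL cannot split the response headers (header injection)`. The enclosing proc starts and ends outside the hunk.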