diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index c6647017a6a223aebb2f7decade89ca0e4bfc247..b58328583530b9b9158492c7af0b3184729510f3 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -194,6 +194,7 @@ function GETPOST($paramname,$check='',$method=0)
     		// '../' is dangerous because it allows dir transversals
 		    if (preg_match('/"/',$out)) $out='';
 			else if (preg_match('/\.\.\//',$out)) $out='';
+			else if (preg_match('/(\s)*|(%20)*/',$out)) $out='';
 		}
 		elseif ($check == 'special')
 		{
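Review bot: The pattern added on the new line, `/(\s)*|(%20)*/`, matches every input: both alternatives are quantified with `*`, so each accepts the empty string, preg_match() returns 1 for any `$out`, and the parameter is unconditionally cleared to '' in this check mode. If the intent is to reject values that contain whitespace or a percent-encoded space, the pattern must require at least one occurrence, e.g. `elseif (preg_match('/\s|%20/',$out)) $out='';` (which also matches the `elseif` spelling used on the line below). Rejecting any whitespace is a much broader rule than the two existing checks for `"` and `../`, and the comment above only explains the `../` case, so a short comment stating why a space is unsafe here would help the next reader; if the check is meant to target only leading/trailing whitespace, anchoring the pattern would avoid discarding legitimate multi-word values. GETPOST's body starts and ends outside the hunk.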