diff --git a/phpBB/common.php b/phpBB/common.php
index 491addc5e0..31ca746924 100644
--- a/phpBB/common.php
+++ b/phpBB/common.php
@@ -26,6 +26,8 @@ if (file_exists($phpbb_root_path . 'config.' . $phpEx))
 if (!defined('PHPBB_INSTALLED'))
 {
 	// Redirect the user to the installer
+	require($phpbb_root_path . 'includes/functions.' . $phpEx);
+
 	// We have to generate a full HTTP/1.1 header here since we can't guarantee to have any of the information
 	// available as used by the redirect function
 	$server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
@@ -38,10 +40,13 @@ if (!defined('PHPBB_INSTALLED'))
 		$script_name = (!empty($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : getenv('REQUEST_URI');
 	}
 
+	// $phpbb_root_path accounts for redirects from e.g. /adm
+	$script_path = trim(dirname($script_name)) . '/' . $phpbb_root_path . 'install/index.' . $phpEx;
 	// Replace any number of consecutive backslashes and/or slashes with a single slash
 	// (could happen on some proxy setups and/or Windows servers)
-	$script_path = trim(dirname($script_name)) . '/install/index.' . $phpEx;
 	$script_path = preg_replace('#[\\\\/]{2,}#', '/', $script_path);
+	// Eliminate . and .. from the path
+	$script_path = phpbb_clean_path($script_path);
 
 	$url = (($secure) ? 'https://' : 'http://') . $server_name;
 
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index ca58220619..65d8be32ad 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1176,6 +1176,36 @@ else
 	}
 }
 
+/**
+* Eliminates useless . and .. components from specified path.
+*
+* @param string $path Path to clean
+* @return string Cleaned path
+*/
+function phpbb_clean_path($path)
+{
+	$exploded = explode('/', $path);
+	$filtered = array();
+	foreach ($exploded as $part)
+	{
+		if ($part === '.' && !empty($filtered))
+		{
+			continue;
+		}
+
+		if ($part === '..' && !empty($filtered) && $filtered[sizeof($filtered) - 1] !== '..')
+		{
+			array_pop($filtered);
+		}
+		else
+		{
+			$filtered[] = $part;
+		}
+	}
+	$path = implode('/', $filtered);
+	return $path;
+}
+
 if (!function_exists('htmlspecialchars_decode'))
 {
 	/**
diff --git a/tests/functions/clean_path_test.php b/tests/functions/clean_path_test.php
new file mode 100644
index 0000000000..bcbe9838d9
--- /dev/null
+++ b/tests/functions/clean_path_test.php
@@ -0,0 +1,44 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2012 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
+
+class phpbb_clean_path_test extends phpbb_test_case
+{
+	public function clean_path_test_data()
+	{
+		return array(
+			array('foo', 'foo'),
+			array('foo/bar', 'foo/bar'),
+			array('foo/bar/', 'foo/bar/'),
+			array('foo/./bar', 'foo/bar'),
+			array('foo/./././bar', 'foo/bar'),
+			array('foo/bar/.', 'foo/bar'),
+			array('./foo/bar', './foo/bar'),
+			array('../foo/bar', '../foo/bar'),
+			array('one/two/three', 'one/two/three'),
+			array('one/two/../three', 'one/three'),
+			array('one/../two/three', 'two/three'),
+			array('one/two/..', 'one'),
+			array('one/two/../', 'one/'),
+			array('one/two/../three/../four', 'one/four'),
+			array('one/two/three/../../four', 'one/four'),
+		);
+	}
+
+	/**
+	* @dataProvider clean_path_test_data
+	*/
+	public function test_clean_path($input, $expected)
+	{
+		$output = phpbb_clean_path($input);
+
+		$this->assertEquals($expected, $output);
+	}
+}