diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 805a16ec69..1a896013d3 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -114,7 +114,7 @@
 		<li>[Fix] corrected link for searching post author's other posts (Bug #26455)</li>
 		<li>[Fix] HTTP Authentication supports UTF-8 usernames now (Bug #21135)</li>
 		<li>[Fix] Topic searches by author no longer return invalid results (Bug #11777)</li>
-
+		<li>[Change] Don't allow redirects to different domains. (thanks nookieman)</li>
 	</ul>
 
 	<a name="v300"></a><h3>1.ii. Changes since 3.0.0</h3>
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index ba12fd6e4e..43e89c10fa 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1829,7 +1829,10 @@ function redirect($url, $return = false)
 	}
 	else if (!empty($url_parts['scheme']) && !empty($url_parts['host']))
 	{
-		// Full URL
+		if ($url_parts['host'] !== $user->host)
+		{
+			$url = generate_board_url(true);
+		}
 	}
 	else if ($url[0] == '/')
 	{
@@ -2045,11 +2048,14 @@ function meta_refresh($time, $url)
 	global $template;
 
 	$url = redirect($url, true);
+	$url = str_replace('&', '&amp;', $url);
 
 	// For XHTML compatibility we change back & to &amp;
 	$template->assign_vars(array(
-		'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . str_replace('&', '&amp;', $url) . '" />')
+		'META' => '<meta http-equiv="refresh" content="' . $time . ';url=' . $url . '" />')
 	);
+	
+	return $url;
 }
 
 //Form validation
@@ -2331,7 +2337,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa
 				return;
 			}
 
-			meta_refresh(3, $redirect);
+			$redirect = meta_refresh(3, $redirect);
 			trigger_error($message . '<br /><br />' . sprintf($l_redirect, '<a href="' . $redirect . '">', '</a>'));
 		}