diff -r b79029a49d28 -r d8983d3a8468 plugins/SpecialUserFuncs.php
--- a/plugins/SpecialUserFuncs.php	Fri Jun 03 10:45:21 2011 -0400
+++ b/plugins/SpecialUserFuncs.php	Tue Jul 12 22:15:18 2011 -0400
@@ -408,7 +408,7 @@
 				$name = get_page_title($_POST['return_to']);
 				$subst = array(
 						'username' => $session->username,
-						'redir_target' => $name
+						'redir_target' => htmlspecialchars($name)
 					);
 				redirect( makeUrl($_POST['return_to'], $get_add), $lang->get('user_login_success_title'), $lang->get('user_login_success_body', $subst) );
 			}