diff --git a/l.php b/l.php
index 657952e266f1498846db84c663e135997ecb242f..5e605c73cb3d48c32409c8ff89f727199bcbbba3 100644
--- a/l.php
+++ b/l.php
@@ -14,10 +14,8 @@
 vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
 require 'secure.inc.php';
-
-global $_GET;
-$url = $_GET['url'];
-if (!$url) exit();
+$url = trim($_GET['url']);
+if (!$url || !Validator::is_url($url)) exit('Invalid url');
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
diff --git a/scp/l.php b/scp/l.php
index 2c66c2835eefcafb6711416228fa985878c43428..93fff3a24894612017f53ff0bb0a119b656f8b9d 100644
--- a/scp/l.php
+++ b/scp/l.php
@@ -14,10 +14,8 @@
 vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
 require_once 'staff.inc.php';
-
-global $_GET;
-$url = $_GET['url'];
-if (!$url) exit();
+$url = trim($_GET['url']);
+if (!$url || !Validator::is_url($url)) exit('Invalid url');
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
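Review bot: `trim($_GET['url'])` in l.php runs before anything confirms the parameter exists and is a string, so a request with no `url` raises an undefined-index notice and `url[]=x` passes an array to `trim()` (a warning on PHP 7, an uncaught TypeError on PHP 8) rather than taking the clean `exit('Invalid url')` path. Reading it as `$url = isset($_GET['url']) && is_string($_GET['url']) ? trim($_GET['url']) : '';` keeps every malformed request on the same exit; the identical two lines added in scp/l.php need the same guard. `Validator::is_url()` is not visible in this diff; if it only checks that the string is a well-formed URL, the page will still forward visitors to any external address, so it is worth confirming that it restricts the scheme to http/https. It is also worth confirming that `$url` is HTML-escaped where it is written into the markup below the hunk, which continues outside this view.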