diff --git a/ChangeLog b/ChangeLog
index 3e4e80a67..0fd6595b1 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,8 @@ $Source$
 2002-08-12 Alexander M. Turek
 * libraries/defines_php.lib.php3, Documentation.*, translators.html:
 corrected version number.
+ * libraries/grab_globals.lib.php3: disallow accessing serious server files
+ via "?goto=".
 2002-08-11 Robin Johnson
 ### 2.3.0 is released ###
diff --git a/libraries/grab_globals.lib.php3 b/libraries/grab_globals.lib.php3
index 3792e014a..5b0f242e0 100644
--- a/libraries/grab_globals.lib.php3
+++ b/libraries/grab_globals.lib.php3
@@ -40,5 +40,10 @@ if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
 $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
 } // end if
+ // Securety fix: disallow accessing serious server files via "?goto="
+ if (isset($goto) && strpos(' ' . $goto, '/') > 0 && substr($goto, 0, 2) != './') {
+ unset($goto);
+ } // end if
+
 } // $__PMA_GRAB_GLOBALS_LIB__
-?>
\ No newline at end of file
+?>
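Review bot: The new `$goto` guard is bypassed by any value that starts with `./`, because the `substr($goto, 0, 2) != './'` exemption is checked before anything else and `./../../../etc/passwd` therefore keeps its slashes and survives the `unset`; whatever later includes or redirects to `$goto` (not visible in this hunk) still receives a traversal path. At minimum the condition should reject parent-directory segments regardless of prefix, e.g. `if (isset($goto) && (strpos(' ' . $goto, '..') > 0 || (strpos(' ' . $goto, '/') > 0 && substr($goto, 0, 2) != './'))) {`, but a denylist on separators is fragile (backslashes on Windows hosts, URL-encoded forms, and the raw value presumably still present in `$HTTP_GET_VARS['goto']`), so an allowlist of the known phpMyAdmin script basenames that `goto` may name would be the durable fix. The added comment also misspells "Security" (`// Security fix: ...`). The enclosing `if (!defined('PMA_GRAB_GLOBALS_INCLUDED'))` block begins before this hunk.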