diff --git a/classes/Dispatcher.php b/classes/Dispatcher.php
index d95fbded5..5c19473f4 100644
--- a/classes/Dispatcher.php
+++ b/classes/Dispatcher.php
@@ -255,7 +255,7 @@ class DispatcherCore
 // Dispatch module controller for front office
 case self::FC_MODULE :
- $module_name = Tools::getValue('module');
+ $module_name = Validate::isModuleName(Tools::getValue('module')) ? Tools::getValue('module') : '';
 $module = Module::getInstanceByName($module_name);
 $controller_class = 'PageNotFoundController';
 if (Validate::isLoadedObject($module) && $module->active)
@@ -537,7 +537,7 @@ class DispatcherCore
 $controller = Tools::getValue('controller');
- if (isset($controller) && preg_match('/^([0-9a-z_-]+)\?(.*)=(.*)$/Ui', $controller, $m))
+ if (isset($controller) && is_string($controller) && preg_match('/^([0-9a-z_-]+)\?(.*)=(.*)$/Ui', $controller, $m))
 {
 $controller = $m[1];
 if (isset($_GET['controller']))
@@ -545,7 +545,8 @@ class DispatcherCore
 else if (isset($_POST['controller']))
 $_POST[$m[2]] = $m[3];
 }
-
+ if (!Validate::isControllerName($controller))
+ $controller = false;
 // Use routes ? (for url rewriting)
 if ($this->use_routes && !$controller)
 {
diff --git a/classes/Validate.php b/classes/Validate.php
index 2cbd6d4c0..dfdb5e5ab 100644
--- a/classes/Validate.php
+++ b/classes/Validate.php
@@ -197,7 +197,7 @@ class ValidateCore
 */
 public static function isModuleName($module_name)
 {
- return preg_match('/^[a-zA-Z0-9_-]+$/', $module_name);
+ return (is_string($module_name) && preg_match('/^[a-zA-Z0-9_-]+$/', $module_name));
 }
 /**
@@ -987,6 +987,11 @@ class ValidateCore
 {
 return (bool)preg_match('/^[0-9]{3,4}[a-zA-Z]{1}$/s', $ape);
 }
+
+ public static function isControllerName($name)
+ {
+ return (bool)(is_string($name) && preg_match('/^[0-9a-zA-Z-_]*$/u', $name));
+ }
 }
diff --git a/classes/controller/FrontController.php b/classes/controller/FrontController.php
index 89a75bc7a..e47240c0e 100755
--- a/classes/controller/FrontController.php
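Review bot: `Tools::getValue('module')` is called twice on the added line, once for the `isModuleName()` check and once for the assignment, so the value that is validated and the value that is used come from two separate reads; read it once into the local and validate that: `$module_name = Tools::getValue('module');` / `if (!Validate::isModuleName($module_name))` / `$module_name = '';`. Passing `''` on to `Module::getInstanceByName()` presumably yields a non-loaded object that the `Validate::isLoadedObject($module)` check on the last context line turns into `PageNotFoundController`, but that path is outside the hunk and worth confirming. The enclosing switch and method start and end outside the hunk.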
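Review bot: `isset($controller)` is redundant on the changed line now that `is_string($controller)` follows it, since `is_string()` already returns false for null; the condition reads cleaner as `if (is_string($controller) && preg_match('/^([0-9a-z_-]+)\?(.*)=(.*)$/Ui', $controller, $m))`. The guard itself is the right fix: an array-valued `controller` request parameter would otherwise make `preg_match()` emit a type warning (a TypeError on newer PHP) instead of being rejected. The enclosing method starts and ends outside the hunk.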
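Review bot: The added check replaces a rejected controller name with `false` without a comment saying that this deliberately hands the request to the route-based dispatch on the following lines (`if ($this->use_routes && !$controller)`), so a reader may take it for a lost error path. A one-line comment above the check makes the intent explicit: `// Names outside [0-9a-zA-Z_-] are discarded; false lets the route-based dispatch below take over`. Note that `Validate::isControllerName()` uses `*` and so accepts the empty string, which is likewise left to the routes branch. The enclosing method starts and ends outside the hunk.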
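Review bot: The pattern on the changed line, `/^[a-zA-Z0-9_-]+$/`, still lets a trailing newline through: without the `D` modifier `$` also matches just before a final `\n`, so a value such as `"mymodule\n"` passes the check. Use `return is_string($module_name) && (bool)preg_match('/^[a-zA-Z0-9_-]+$/D', $module_name);` and apply the same `D` modifier to the `isControllerName()` pattern added in the next hunk of this file. The return value also changes from `preg_match()`'s int|false to bool, which is fine for callers that test it as a boolean but should be stated in the docblock whose closing `*/` is the first context line of the hunk.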
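Review bot: The new `isControllerName()` has no docblock, while its sibling `isModuleName()` earlier in the file is documented; add one stating the contract, since the accepted alphabet and the fact that an empty name passes (the class is quantified with `*`) are exactly what Dispatcher.php relies on: `/** Check that a controller name contains only letters, digits, '-' and '_'; the empty string is accepted. @param mixed $name @return bool */`. The `u` modifier has no effect on this ASCII-only class but makes `preg_match()` return false on a subject that is not valid UTF-8, which the `(bool)` cast then reports as a rejected name; that is acceptable behaviour, but a short comment would stop a later reader from dropping the modifier as unused.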
+++ b/classes/controller/FrontController.php
@@ -573,7 +573,7 @@ class FrontControllerCore extends Controller
 header('HTTP/1.0 301 Moved');
 if (defined('_PS_MODE_DEV_') && _PS_MODE_DEV_ && $_SERVER['REQUEST_URI'] != __PS_BASE_URI__)
- die('[Debug] This page has moved
Please use the following URL instead: '.$canonicalURL.$strParams.'');
+ die('[Debug] This page has moved
Please use the following URL instead: '.$canonicalURL.Tools::safeOutput($strParams).'');
 Tools::redirectLink($canonicalURL.$strParams);
 }
 }
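Review bot: Only `$strParams` is passed through `Tools::safeOutput()` on the new line; `$canonicalURL` is concatenated into the same `die()` output unescaped, so if any request-derived part reaches it (its construction is outside the hunk) the debug page keeps the problem the change fixes for `$strParams`. Escaping both, `'.Tools::safeOutput($canonicalURL).Tools::safeOutput($strParams).'`, keeps the message safe regardless of where the URL is built, while the `Tools::redirectLink()` call on the next context line still receives the raw values it needs. The message is only emitted when `_PS_MODE_DEV_` is defined and true, so the exposure is limited to development installs. The enclosing method starts and ends outside the hunk.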