diff --git a/classes/controller/FrontController.php b/classes/controller/FrontController.php index ab9d3bad8..407e9966a 100755 --- a/classes/controller/FrontController.php +++ b/classes/controller/FrontController.php @@ -635,23 +635,24 @@ class FrontControllerCore extends Controller if (!preg_match('/^'.Tools::pRegexp(rawurldecode($canonical_url), '/').'([&?].*)?$/', $match_url)) { $params = array(); - $excluded_key = array('isolang', 'id_lang', 'controller', 'fc'); - foreach ($_GET as $key => $value) - if (!in_array($key, $excluded_key) && Validate::isUrl($key) && Validate::isUrl($value)) - $params[$key] = $value; - $str_params = ''; $url_details = parse_url($canonical_url); + if (!empty($url_details['query'])) { parse_str($url_details['query'], $query); foreach ($query as $key => $value) - $params[$key] = $value; + $params[Tools::safeOutput($key)] = Tools::safeOutput($value); } + $excluded_key = array('isolang', 'id_lang', 'controller', 'fc'); + foreach ($_GET as $key => $value) + if (!in_array($key, $excluded_key) && Validate::isUrl($key) && Validate::isUrl($value)) + $params[Tools::safeOutput($key)] = Tools::safeOutput($value); + $str_params = http_build_query($params, '', '&'); if (!empty($str_params)) - $final_url = preg_replace('/^([^?]*)?.*$/', '$1', $canonical_url).'?'.Tools::safeOutput($str_params); + $final_url = preg_replace('/^([^?]*)?.*$/', '$1', $canonical_url).'?'.$str_params; else $final_url = preg_replace('/^([^?]*)?.*$/', '$1', $canonical_url);
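Review bot: The two `$params[Tools::safeOutput($key)] = Tools::safeOutput($value);` assignments apply what appears to be HTML escaping to values that `http_build_query()` then percent-encodes, so the escaping targets the wrong output context: a value containing `&` or a quote would reach the redirect target as a percent-encoded HTML entity instead of the original value. `http_build_query()` already makes the query string safe for a URL, so storing the raw pair with `$params[$key] = $value;` and HTML-escaping `$final_url` only where it is written into markup would keep both contexts correct. Separately, moving the `$_GET` loop after the `parse_str()` loop means a request parameter now overwrites a parameter of the same name taken from `$canonical_url`; if that is not intended, add `!isset($params[$key])` to the condition of the second loop. Both loops also pass `$value` to `Tools::safeOutput()` without checking that it is a string, although `parse_str()` and `$_GET` can both yield arrays. The enclosing method starts and ends outside this hunk, so how `$final_url` is consumed is not visible here.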