diff --git a/extras/anytermd/ChangeLog b/extras/anytermd/ChangeLog
index 76e7efe047..a7080b99ce 100644
--- a/extras/anytermd/ChangeLog
+++ b/extras/anytermd/ChangeLog
@@ -1,3 +1,8 @@
+2013-10-10 Ramon Novoa
+
+ * src/expand_command.cc: Improved injection detection. Thanks to
+ Robert van Hamburg (xistence) for finding the vulnerability.
+
 2013-10-10 Ramon Novoa
 
 * src/expand_command.cc,
diff --git a/extras/anytermd/src/expand_command.cc b/extras/anytermd/src/expand_command.cc
index afc547e21b..1edb4b6dc9 100644
--- a/extras/anytermd/src/expand_command.cc
+++ b/extras/anytermd/src/expand_command.cc
@@ -25,8 +25,10 @@ using namespace std;
 string safe_param (string param) {
-  // Remove leading backticks
-  while (!param.empty() && param.at(0) == '`') {
+  // Remove leading backticks and blanks
+  while (!param.empty() && (param.at(0) == '`' ||
+ param.at(0) == '\t'||
+ param.at(0) == ' ')) {
 param.erase(0);
 }