diff --git a/extras/anytermd/ChangeLog b/extras/anytermd/ChangeLog
index a7080b99ce..d5aae90075 100644
--- a/extras/anytermd/ChangeLog
+++ b/extras/anytermd/ChangeLog
@@ -1,3 +1,9 @@
+2013-10-11 Ramon Novoa
+
+	* src/expand_command.cc: Remove more problematic characters
+	from the parameters as suggested by Robert van Hamburg
+	(xistence).
+
 2013-10-10 Ramon Novoa
 
 	* src/expand_command.cc: Improved injection detection. Thanks to
diff --git a/extras/anytermd/src/expand_command.cc b/extras/anytermd/src/expand_command.cc
index 1edb4b6dc9..fb8d76047f 100644
--- a/extras/anytermd/src/expand_command.cc
+++ b/extras/anytermd/src/expand_command.cc
@@ -24,15 +24,24 @@ using namespace std;
 string safe_param (string param) {
+    string safe_string = "";
 
-    // Remove leading backticks and blanks
-    while (!param.empty() && (param.at(0) == '`' ||
-                              param.at(0) == '\t'||
-                              param.at(0) == ' ')) {
-        param.erase(0);
+    // Remove problematic characters
+    for (unsigned int i = 0; i < param.size(); i++){
+        if (param[i] == '<' ||
+            param[i] == '>' ||
+            param[i] == '|' ||
+            param[i] == '`' ||
+            param[i] == '$' ||
+            param[i] == ';' ||
+            param[i] == '&') {
+            continue;
+        }
+
+        safe_string += param[i];
     }
 
-    return param;
+    return safe_string;
 }
 
 // Expand command string:
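Review bot: The character check in the new `for` loop is a denylist, and a denylist of shell metacharacters is incomplete by construction — characters not in the list (whitespace, quotes, backslash, newline, parentheses) are still meaningful to a shell, so the cycle the two latest ChangeLog entries describe will repeat each time another one turns up. Inverting the test into an allowlist of what the parameters legitimately contain is the durable fix; the exact set depends on what `expand_command` feeds in (hostnames, addresses and user names are my guess — confirm against the callers), so the one below is a placeholder. The rewrite also drops the signed/unsigned mix of `unsigned int i` against `param.size()` and the redundant `= ""` on `safe_string`. Separately, the removed `while` trimmed leading blanks and the replacement keeps them, so a parameter with leading whitespace is now passed on unchanged; if that trimming was deliberate it should be reinstated.
```cpp
string safe_param (string param) {
    // Allowlist: keep only characters the expanded command legitimately needs
    // and drop everything else, so a newly found metacharacter needs no new rule.
    // TODO(review): placeholder set — confirm against what expand_command passes.
    static const string allowed =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-@:";
    string safe_string;
    for (string::size_type i = 0; i < param.size(); i++) {
        if (allowed.find(param[i]) != string::npos) {
            safe_string += param[i];
        }
    }
    return safe_string;
}
```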