diff --git a/core/Common.php b/core/Common.php
index 5c1391bfdb65414abf1f8949e58c1e65a39f91b7..a11b3f977b1f092588d94aff48bd1a2fb498d434 100644
--- a/core/Common.php
+++ b/core/Common.php
@@ -263,7 +263,7 @@ class Common
         if (is_numeric($value)) {
             return $value;
         } elseif (is_string($value)) {
-            $value = self::sanitizeInputValue($value);
+            $value = self::sanitizeString($value);
 
             if (!$alreadyStripslashed) // a JSON array was already stripslashed, don't do it again for each value
             {
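Review bot: String values in the `is_string` branch no longer pass through `sanitizeLineBreaks()`, so CR and LF (and, going by the updated docblock on `sanitizeInputValue()`, tabs and null characters) now survive sanitization on this path for all string input, not only the nested-array case the new test covers. Any consumer that writes these values into a response header, a log line or a file path was implicitly relying on that stripping and would now need its own check, so callers should be audited before merging. If the relaxation is intended, record it at the call site, e.g. `// line breaks are deliberately kept here; callers writing headers or logs must strip them`. The enclosing function starts and ends outside the hunk.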
@@ -289,21 +289,31 @@ class Common
     }
 
     /**
-     * Sanitize a single input value
+     * Sanitize a single input value and removes line breaks, tabs and null characters.
      *
      * @param string $value
      * @return string  sanitized input
      */
     public static function sanitizeInputValue($value)
+    {
+        $value = self::sanitizeLineBreaks($value);
+        $value = self::sanitizeString($value);
+        return $value;
+    }
+
+    /**
+     * Sanitize a single input value
+     *
+     * @param $value
+     * @return string
+     */
+    private static function sanitizeString($value)
     {
         // $_GET and $_REQUEST already urldecode()'d
         // decode
         // note: before php 5.2.7, htmlspecialchars() double encodes &#x hex items
         $value = html_entity_decode($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
 
-        // filter
-        $value = self::sanitizeLineBreaks($value);
-
         // escape
         $tmp = @htmlspecialchars($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
 
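Review bot: `sanitizeInputValue()` now calls `sanitizeLineBreaks()` before `sanitizeString()` runs `html_entity_decode()`, whereas the removed lines filtered after decoding, so a line break supplied as a numeric character reference would be decoded after the filter and stay in the returned value. Swapping the two calls restores the previous order: `$value = self::sanitizeString($value);` followed by `return self::sanitizeLineBreaks($value);`. The docblock on `sanitizeString()` should also say that it leaves line breaks, tabs and null characters in place, and declare `@param string $value`. The body of `sanitizeString()` continues past the end of this hunk.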
@@ -312,6 +322,7 @@ class Common
             // convert and escape
             $value = utf8_encode($value);
             $tmp = htmlspecialchars($value, self::HTML_ENCODING_QUOTE_STYLE, 'UTF-8');
+            return $tmp;
         }
         return $tmp;
     }
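Review bot: The `return $tmp;` added inside the fallback branch is redundant, because the statement immediately after the closing brace is the same `return $tmp;`; the added line can be dropped without changing behaviour. The condition that opens this branch is outside the hunk, so this is judged only from the lines shown.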
diff --git a/tests/PHPUnit/Unit/CommonTest.php b/tests/PHPUnit/Unit/CommonTest.php
index 86d03c4bdbfd2d90a2eb5f7c73ddfecf18bc85bd..80fa014bc591b400adb49ec4545c75a43988ece7 100644
--- a/tests/PHPUnit/Unit/CommonTest.php
+++ b/tests/PHPUnit/Unit/CommonTest.php
@@ -199,6 +199,7 @@ class Core_CommonTest extends PHPUnit_Framework_TestCase
             array(array("test", 1345524, array("gaga")), array(), 'array', array("test", 1345524, array("gaga"))), // array as a default value / types
             array(array("test", 1345524, array("gaga")), 45, 'string', "45"),
             array(array("test", 1345524, array("gaga")), array(1), 'array', array("test", 1345524, array("gaga"))),
+            array(array("test", 1345524, "Start of hello\nworld\n\t", array("gaga")), array(1), 'array', array("test", 1345524, "Start of hello\nworld\n\t", array("gaga"))),
             array(array("test", 1345524, array("gaga")), 4, 'int', 4),
             array('', array(1), 'array', array(1)),
             array('', array(), 'array', array()),
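Review bot: The added data set only pins that `\n` and `\t` inside a nested string survive; nothing here pins that such a value is still HTML-escaped, or that the public `sanitizeInputValue()` still strips line breaks. Consider a companion row mixing markup with a line break, for example (constructed sample, expected value to be confirmed) `array(array("a\n<b>"), array(1), 'array', array("a\n&lt;b&gt;")),`, plus a direct assertion on `sanitizeInputValue()` with input containing CR, LF and a null byte. The data provider method starts and ends outside the hunk.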