diff --git a/core/lostpassword/index.php b/core/lostpassword/index.php
index 6bed7bdd93f7412568cb96c6ba6d96e234aaa488..bd2a3e897e5de8c6dd484ebc8db46f83ce5fddc4 100644
--- a/core/lostpassword/index.php
+++ b/core/lostpassword/index.php
@@ -17,7 +17,7 @@ if (isset($_POST['user'])) {
 		OC_Preferences::setValue($_POST['user'], 'owncloud', 'lostpassword', $token);
 		$email = OC_Preferences::getValue($_POST['user'], 'settings', 'email', '');
 		if (!empty($email) and isset($_POST['sectoken']) and isset($_SESSION['sectoken']) and ($_POST['sectoken']==$_SESSION['sectoken']) ) {
-			$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php').'?user='.$_POST['user'].'&token='.$token;
+			$link = OC_Helper::linkToAbsolute('core/lostpassword', 'resetpassword.php').'?user='.urlencode($_POST['user']).'&token='.$token;
 			$tmpl = new OC_Template('core/lostpassword', 'email');
 			$tmpl->assign('link', $link);
 			$msg = $tmpl->fetchPage();