diff --git a/wp-admin/upgrade.php b/wp-admin/upgrade.php
index 4b7d3c15c..67618d0af 100644
--- a/wp-admin/upgrade.php
+++ b/wp-admin/upgrade.php
@@ -32,7 +32,9 @@ else
 <?php else :
 switch($step) :
 	case 0:
-		$goback = clean_url(stripslashes(wp_get_referer()));
+		$goback = stripslashes(wp_get_referer());
+		$goback = clean_url($goback, null, 'url');
+		$goback = urlencode($goback);
 ?>
 <h2><?php _e('Database Upgrade Required'); ?></h2>
 <p><?php _e('Your WordPress database is out-of-date, and must be upgraded before you can continue.'); ?></p>
@@ -45,8 +47,10 @@ switch($step) :
 
 		if ( empty( $_GET['backto'] ) )
 			$backto = __get_option('home') . '/';
-		else
-			$backto = clean_url(stripslashes($_GET['backto']));
+		else {
+			$backto = stripslashes(urldecode($_GET['backto']));
+			$backto = clean_url($backto, null, 'url');
+		}
 ?>
 <h2><?php _e('Upgrade Complete'); ?></h2>
 	<p><?php _e('Your WordPress database has been successfully upgraded!'); ?></p>