diff --git a/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php b/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php
index fc37858e6b35ef59b777399bae7e17d85de74338..828c5bc07664008a85c8d3f9efd199c115872f13 100644
--- a/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php
+++ b/lib/SimpleSAML/Bindings/SAML20/HTTPRedirect.php
@@ -95,7 +95,24 @@ class SimpleSAML_Bindings_SAML20_HTTPRedirect {
 			throw new Exception('SAMLRequest parameter not set in paramter (on SAML 2.0 HTTP Redirect binding endpoint)');
 		}
 		$rawRequest = 	$get["SAMLRequest"];
-		$relaystate = isset($get["RelayState"]) ? $get["RelayState"] : null;
+		/* We don't need to remove any magic quotes from the
+		 * SAMLRequest parameter since this parameter is guaranteed
+		 * to be base64-encoded.
+		 */
+
+		/* Check if the service provider has included a RelayState
+		 * parameter with the request. This parameter should be
+		 * included in the response to the SP after authentication.
+		 */
+		if(array_key_exists('RelayState', $get)) {
+			$relaystate = $get['RelayState'];
+			/* Remove any magic quotes that php may have added. */
+			if(get_magic_quotes_gpc()) {
+				$relaystate = stripslashes($relaystate);
+			}
+		} else {
+			$relaystate = NULL;
+		}
 		
 		$samlRequestXML = gzinflate(base64_decode( $rawRequest ));
          
diff --git a/www/saml2/idp/SSOService.php b/www/saml2/idp/SSOService.php
index 2140e4d6ef22599e4a44641b986375448664809b..e0c25874ee55d5fdb47cc3111dd310d2cbb985f6 100644
--- a/www/saml2/idp/SSOService.php
+++ b/www/saml2/idp/SSOService.php
@@ -63,6 +63,11 @@ if (isset($_GET['SAMLRequest'])) {
 	try {
 
 		$requestid = $_GET['RequestID'];
+		/* Remove any "magic" quotes that php may have added. */
+		if(get_magic_quotes_gpc()) {
+			$requestid = stripslashes($requestid);
+		}
+
 		$session = SimpleSAML_Session::getInstance();
 		$authnrequest = $session->getAuthnRequest($requestid);