diff --git a/index.php b/index.php
index e1f6d6f..612613c 100644
--- a/index.php
+++ b/index.php
@@ -93,7 +93,7 @@ Also consider using a password manager.
# send admin message
 $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, SYNAPSE_URL.'/_matrix/client/v3/rooms/'.ROOM_ID.'/send/m.room.message/'.$nonce);
+ curl_setopt($ch, CURLOPT_URL, SYNAPSE_URL.'/_matrix/client/v3/rooms/'.ROOM_ID.'/send/m.room.message/'.filter_var($_POST['nonce'], FILTER_SANITIZE_FULL_SPECIAL_CHARS));
 curl_setopt($ch, CURLOPT_PUT, true);
 curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode([
 'body' => $decoded_response->user_id.' just registered',
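Review bot: The new CURLOPT_URL line places `$_POST['nonce']` in a URL path segment after `FILTER_SANITIZE_FULL_SPECIAL_CHARS`, which is HTML-entity encoding and leaves `/`, `?`, `#`, `%` and `..` untouched, so a client-chosen value can still change the path or query of the request this script sends to Synapse. The last path segment of this endpoint is the Matrix transaction id, which the homeserver uses for idempotency, so a repeated client value would presumably also cause the notification to be de-duplicated. I would generate it server-side and encode it for the URL context: `$txn_id = bin2hex(random_bytes(16));` and `.'/send/m.room.message/'.rawurlencode($txn_id)`. If the client's nonce must be used, check it against a strict allow-list such as `preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $nonce)` before `rawurlencode()`; how `$nonce` was derived before this change, and the rest of the request setup, are outside the hunk.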