diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py

index 9a2389a..ae701a7 100644

--- a/Mailman/Cgi/options.py

+++ b/Mailman/Cgi/options.py

@@ -18,6 +18,7 @@

 """Produce and handle the member options."""

 import sys

+import re

 import os

 import cgi

 import signal

@@ -149,19 +150,6 @@ def main():

     doc.set_language(userlang)

     i18n.set_language(userlang)

-    # See if this is VARHELP on topics.

-    varhelp = None

-    if cgidata.has_key('VARHELP'):

-        varhelp = cgidata['VARHELP'].value

-    elif os.environ.get('QUERY_STRING'):

-        # POST methods, even if their actions have a query string, don't get

-        # put into FieldStorage's keys :-(

-        qs = cgi.parse_qs(os.environ['QUERY_STRING']).get('VARHELP')

-        if qs and type(qs) == types.ListType:

-            varhelp = qs[0]

-    if varhelp:

-        topic_details(mlist, doc, user, cpuser, userlang, varhelp)

-        return

     # Are we processing an unsubscription request from the login screen?

     if cgidata.has_key('login-unsub'):

@@ -261,6 +249,22 @@ def main():

         print doc.Format()

         return

+    # See if this is VARHELP on topics.

+    varhelp = None

+    if cgidata.has_key('VARHELP'):

+        varhelp = cgidata['VARHELP'].value

+    elif os.environ.get('QUERY_STRING'):

+        # POST methods, even if their actions have a query string, don't get

+        # put into FieldStorage's keys :-(

+        qs = cgi.parse_qs(os.environ['QUERY_STRING']).get('VARHELP')

+        if qs and type(qs) == types.ListType:

+            varhelp = qs[0]

+    if varhelp:

+        # Sanitize the topic name.

+        varhelp = re.sub('<.*', '', varhelp)

+        topic_details(mlist, doc, user, cpuser, userlang, varhelp)

+        return

+

     # From here on out, the user is okay to view and modify their membership

     # options.  The first set of checks does not require the list to be

     # locked.