diff --git a/CHANGELOG b/CHANGELOG
index 799a69105..6f0ff68ea 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -10,6 +10,7 @@ CHANGELOG Roundcube Webmail
 - Fix folders list sorting on Windows - if php-intl is available (#5732)
 - Fix addressbook searching by gender (#5757)
 - Fix prevention from using % and * characters in folder name (#5762)
+- Fix POST parameter reflection in default_charset selector (#5768)
 - Enigma: Fix compatibility with assets_dir
 - Managesieve: Skip redundant LISTSCRIPTS command
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index cc093d992..4eb4ffd45 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -2064,8 +2064,8 @@ EOF;
 'GB2312' => 'GB2312 ('.$this->app->gettext('chinese').')',
 );
 
-if (!empty($_POST['_charset'])) {
-$set = $_POST['_charset'];
+if ($post = rcube_utils::get_input_value('_charset', rcube_utils::INPUT_POST)) {
+$set = $post;
 }
 else if (!empty($attrib['selected'])) {
 $set = $attrib['selected'];
@@ -2075,7 +2075,7 @@ EOF;
 }
 
 $set = strtoupper($set);
-if (!isset($charsets[$set])) {
+if (!isset($charsets[$set]) && preg_match('/^[A-Z0-9-]+$/', $set)) {
 $charsets[$set] = $set;
 }
 
diff --git a/program/steps/settings/save_prefs.inc b/program/steps/settings/save_prefs.inc
index ec5504fce..0ddf3c7e5 100644
--- a/program/steps/settings/save_prefs.inc
+++ b/program/steps/settings/save_prefs.inc
@@ -67,6 +67,10 @@ case 'mailview':
 'default_charset' => rcube_utils::get_input_value('_default_charset', rcube_utils::INPUT_POST),
 );
 
+if ($a_user_prefs['default_charset'] && !preg_match('/^[a-zA-Z0-9-]+$/', $a_user_prefs['default_charset'])) {
+$a_user_prefs['default_charset'] = $CONFIG['default_charset'];
+}
+
 break;
 
 case 'compose':
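Review bot: The new `if ($post = rcube_utils::get_input_value('_charset', rcube_utils::INPUT_POST))` in rcmail_output_html.php folds an assignment into the condition and decides by truthiness, so a posted value such as `"0"` is treated as absent and silently falls through to `$attrib['selected']`; separating the two steps, `$post = rcube_utils::get_input_value('_charset', rcube_utils::INPUT_POST); if ($post !== null && $post !== '') { $set = $post; }`, makes the intent explicit (the exact sentinel get_input_value returns for a missing parameter is not visible here, so the null check is an assumption to confirm). A one-line comment such as `// charset is validated against $charsets below before it is rendered` would also help a reader, since the allow-list check sits in the next hunk rather than next to the read. The enclosing method starts and ends outside this hunk.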
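Review bot: The allow-list check `preg_match('/^[A-Z0-9-]+$/', $set)` in the second rcmail_output_html.php hunk uses `$` without the `D` modifier, so PCRE also matches before a single trailing newline and a value like `"UTF-8\n"` passes and is stored as a new key and value in `$charsets`; the same pattern shape in save_prefs.inc (`'/^[a-zA-Z0-9-]+$/'`) has the same gap. Anchor both with `/^[A-Z0-9-]+$/D` and `/^[a-zA-Z0-9-]+$/D` (or use `\z`) so the whole string must match. Note also that the character class rejects `_`, so charset names spelled with an underscore would never be added here; if that is intended, a comment saying so next to the regex would prevent a future "fix". When the check fails `$set` is left naming a charset that is not in `$charsets`; what the select renders in that case is outside this hunk, so it is worth confirming it degrades to no selection rather than an empty option.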