diff --git a/Mailman/Cgi/options.py b/Mailman/Cgi/options.py
index 9a2389a..ae701a7 100644
--- a/Mailman/Cgi/options.py
+++ b/Mailman/Cgi/options.py
@@ -18,6 +18,7 @@
"""Produce and handle the member options."""
import sys
+import re
import os
import cgi
import signal
@@ -149,19 +150,6 @@ def main():
doc.set_language(userlang)
i18n.set_language(userlang)
- # See if this is VARHELP on topics.
- varhelp = None
- if cgidata.has_key('VARHELP'):
- varhelp = cgidata['VARHELP'].value
- elif os.environ.get('QUERY_STRING'):
- # POST methods, even if their actions have a query string, don't get
- # put into FieldStorage's keys :-(
- qs = cgi.parse_qs(os.environ['QUERY_STRING']).get('VARHELP')
- if qs and type(qs) == types.ListType:
- varhelp = qs[0]
- if varhelp:
- topic_details(mlist, doc, user, cpuser, userlang, varhelp)
- return
# Are we processing an unsubscription request from the login screen?
if cgidata.has_key('login-unsub'):
@@ -261,6 +249,22 @@ def main():
print doc.Format()
return
+ # See if this is VARHELP on topics.
+ varhelp = None
+ if cgidata.has_key('VARHELP'):
+ varhelp = cgidata['VARHELP'].value
+ elif os.environ.get('QUERY_STRING'):
+ # POST methods, even if their actions have a query string, don't get
+ # put into FieldStorage's keys :-(
+ qs = cgi.parse_qs(os.environ['QUERY_STRING']).get('VARHELP')
+ if qs and type(qs) == types.ListType:
+ varhelp = qs[0]
+ if varhelp:
+ # Sanitize the topic name.
+ varhelp = re.sub('<.*', '', varhelp)
+ topic_details(mlist, doc, user, cpuser, userlang, varhelp)
+ return
+
# From here on out, the user is okay to view and modify their membership
# options. The first set of checks does not require the list to be
# locked.
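Review bot: The sanitizer on L45, `varhelp = re.sub('<.*', '', varhelp)`, is a blacklist that removes only `<` and the rest of that line, so `>`, `"` and `&` still reach `topic_details()`; whether that is enough depends on the HTML context topic_details() renders the name into, which is not visible here — inside a quoted attribute a stray `"` would still break out. Since `cgi` is already imported in this file, escaping at the point of output (`cgi.escape(varhelp, True)`, or Mailman's `Utils.websafe()` if this file imports Utils) is the safer default, and rejecting any VARHELP value that does not match one of the list's configured topic names would avoid echoing attacker-controlled text at all. The stripping is also lossy for legitimate names containing `<`, and because `.` does not match a newline, a multi-line value keeps everything after the first line break (each later `<` is removed on its own, so no tag survives, but the result is hard to reason about). The `type(qs) == types.ListType` test on L41 is moved code but still reads better as `isinstance(qs, list)`. main() begins and ends outside this hunk.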