diff --git a/CHANGELOG.md b/CHANGELOG.md
index b53804e8..1dff3b1c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,9 @@
 
 1. [](#new)
 * Added new event `onAdminPage` which allows plugins to customize `Page` object in `$event['page']`
-
+1. [](#improved)
+ * Use `Url:post()` to get the `$_POST` variable (allows common security checks/filtering for the POST data)
+
 # v1.8.9
 ## 08/23/2018
 
diff --git a/admin.php b/admin.php
index fa88d0c2..7f03a845 100644
--- a/admin.php
+++ b/admin.php
@@ -360,7 +360,7 @@ class AdminPlugin extends Plugin
 }
 
 // Make local copy of POST.
- $post = !empty($_POST) ? $_POST : [];
+ $post = $this->grav['uri']->post();
 
 // Handle tasks.
 $this->admin->task = $task = !empty($post['task']) ? $post['task'] : $this->uri->param('task');
diff --git a/classes/admin.php b/classes/admin.php
index b8e110e7..4c53f8d4 100644
--- a/classes/admin.php
+++ b/classes/admin.php
@@ -595,7 +595,8 @@ class Admin
 }
 
 if (!$post) {
- $post = isset($_POST['data']) ? $_POST['data'] : [];
+ $post = $this->grav['uri']->post();
+ $post = isset($post['data']) ? $post['data'] : [];
 }
 
 // Check to see if a data type is plugin-provided, before looking into core ones
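Review bot: The replaced line in admin.php guaranteed `$post` was an array (`[]` when nothing was posted), while the new `$post = $this->grav['uri']->post();` passes through whatever `post()` returns, and that method's result for an empty or non-form request body is not visible in this diff. If it can return null or a non-array, later code in this method that expects an array would misbehave, so keeping the fallback is cheap: `$post = $this->grav['uri']->post() ?: [];`. The line two below reads the task through `$this->uri`, so `$this->uri->post()` would match the surrounding code, assuming both refer to the same Uri service. The comment could also say where the data now comes from, e.g. `// Read POST data via Uri::post() so shared filtering applies.` The enclosing method starts and ends outside the hunk.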
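Review bot: In classes/admin.php `$post['data']` is accepted on an `isset` check alone, so a request that sends `data` as a scalar hands a string to the code after this block, where the `[]` fallback suggests an array is expected; the old `$_POST['data']` line had the same gap and the switch to `post()` does not close it. Checking the type keeps the shape predictable: `$post = isset($post['data']) && is_array($post['data']) ? $post['data'] : [];`. Reusing `$post` first for the whole request body and then for its `data` member also makes the two added lines harder to read than a separate name such as `$body` would. The enclosing method continues outside the hunk, so how the value is used afterwards is inferred.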