diff --git a/CHANGELOG.md b/CHANGELOG.md
index 14653a33c..488d0e947 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,7 @@
   from the database when the group is deleted.
 * Fixed race conditions in the `setText`, `appendText`, and `restoreRevision`
   functions (HTTP API).
+* Fixed a crash if the database is busy enough to cause a query timeout.
 
 #### For plugin authors
 
diff --git a/src/node/hooks/express/padurlsanitize.js b/src/node/hooks/express/padurlsanitize.js
index b805fc4ba..ff1afa477 100644
--- a/src/node/hooks/express/padurlsanitize.js
+++ b/src/node/hooks/express/padurlsanitize.js
@@ -4,24 +4,27 @@ const padManager = require('../../db/PadManager');
 
 exports.expressCreateServer = (hookName, args, cb) => {
   // redirects browser to the pad's sanitized url if needed. otherwise, renders the html
-  args.app.param('pad', async (req, res, next, padId) => {
-    // ensure the padname is valid and the url doesn't end with a /
-    if (!padManager.isValidPadId(padId) || /\/$/.test(req.url)) {
-      res.status(404).send('Such a padname is forbidden');
-      return;
-    }
+  args.app.param('pad', (req, res, next, padId) => {
+    (async () => {
+      // ensure the padname is valid and the url doesn't end with a /
+      if (!padManager.isValidPadId(padId) || /\/$/.test(req.url)) {
+        res.status(404).send('Such a padname is forbidden');
+        return;
+      }
 
-    const sanitizedPadId = await padManager.sanitizePadId(padId);
+      const sanitizedPadId = await padManager.sanitizePadId(padId);
 
-    if (sanitizedPadId === padId) {
-      // the pad id was fine, so just render it
-      next();
-    } else {
-      // the pad id was sanitized, so we redirect to the sanitized version
-      const realURL = encodeURIComponent(sanitizedPadId) + new URL(req.url, 'http://invalid.invalid').search;
-      res.header('Location', realURL);
-      res.status(302).send(`You should be redirected to <a href="${realURL}">${realURL}</a>`);
-    }
+      if (sanitizedPadId === padId) {
+        // the pad id was fine, so just render it
+        next();
+      } else {
+        // the pad id was sanitized, so we redirect to the sanitized version
+        const realURL =
+            encodeURIComponent(sanitizedPadId) + new URL(req.url, 'http://invalid.invalid').search;
+        res.header('Location', realURL);
+        res.status(302).send(`You should be redirected to <a href="${realURL}">${realURL}</a>`);
+      }
+    })().catch((err) => next(err || new Error(err)));
   });
   return cb();
 };