diff --git a/web/view/file/index.php b/web/view/file/index.php
index aed9523d..e3e77249 100644
--- a/web/view/file/index.php
+++ b/web/view/file/index.php
@@ -13,10 +13,10 @@ if (($_SESSION['user'] == 'admin') && (!empty($_SESSION['look']))) {
 }
 if (!empty($_REQUEST['path'])) {
- $path = $_REQUEST['path'];
+ $path = htmlspecialchars($_REQUEST['path'], ENT_QUOTES, 'UTF-8');
 if (!empty($_REQUEST['raw'])) {
 header('content-type: image/jpeg');
- passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg(htmlspecialchars($_REQUEST['path'], ENT_QUOTES, 'UTF-8')));
+ passthru (VESTA_CMD . "v-open-fs-file " . $user . " " . escapeshellarg($path));
 exit;
 }
 }
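Review bot: Moving `htmlspecialchars()` onto the `$path` assignment applies HTML-context encoding to a value that is then passed to the shell and filesystem through `escapeshellarg($path)`, so a path containing `&`, `"`, `'`, `<` or `>` reaches `v-open-fs-file` in its entity form (`&amp;`, `&quot;`, …) and no longer names the file the user requested; the removed line had the same problem, so the commit preserves rather than fixes it. `escapeshellarg()` alone is the correct guard for the command argument, and HTML encoding belongs where `$path` is echoed into markup, i.e. `escapeshellarg($_REQUEST['path'])` here and `htmlspecialchars($path, ENT_QUOTES, 'UTF-8')` at the output site. Because `$path` is presumably used further down the file (outside this hunk) for the non-raw branch, the encoded value now propagates there as well, which is worth checking. Neither function constrains the path to the user's own directory; if that containment is not enforced inside `v-open-fs-file`, it should be validated here before the call.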