diff -r a78b0798a116 -r 7e6537fd4730 plugins/SpecialUpdownload.php
--- a/plugins/SpecialUpdownload.php	Tue Nov 16 12:44:22 2010 -0500
+++ b/plugins/SpecialUpdownload.php	Tue Jul 12 22:13:37 2011 -0400
@@ -235,7 +235,7 @@
   if ( $db->numrows() < 1 )
   {
     header('HTTP/1.1 404 Not Found');
-    die_friendly('File not found', '<p>The file "'.$filename.'" cannot be found.</p>');
+    die_friendly('File not found', '<p>The file "'.htmlspecialchars($filename).'" cannot be found.</p>');
   }
   $row = $db->fetchrow();
   $db->free_result();