diff --git a/files/js/fileactions.js b/files/js/fileactions.js
index 1bdbc4ac0bb17a1cb19e2cb4ca19512daf0eafcd..b683dc0cd3a46d4ba0dd6ff2fd4a179e27731652 100644
--- a/files/js/fileactions.js
+++ b/files/js/fileactions.js
@@ -86,7 +86,7 @@ FileActions.register('all','Download',function(filename){
 FileActions.register('all','Delete',function(filename){
 	$.ajax({
 		url: 'ajax/delete.php',
-		data: "dir="+$('#dir').val()+"&file="+filename,
+		data: "dir="+encodeURIComponent($('#dir').val())+"&file="+encodeURIComponent(filename),
 		complete: function(data){
 			boolOperationFinished(data, function(){
 				FileList.remove(filename);
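Review bot: The query string on the changed `data:` line is still assembled by hand, which makes it easy to leave one parameter unencoded. Since `filename` is a single string, an object lets jQuery do the encoding for both values: `data: {dir: $('#dir').val(), file: filename},`. No `type` option is visible in the hunk, so if the request goes out with jQuery's default GET, this state-changing delete would be exposed to cross-site request forgery and its file names would appear in access logs. It is worth confirming that the call is a POST and that ajax/delete.php checks a request token. The options object and the `complete` callback continue past the end of the hunk.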
diff --git a/files/js/files.js b/files/js/files.js
index c8cef87eb942cfc333574ac6facd8b87f556f7f0..af0c344f18dc335250e6173660e568356bd5c609 100644
--- a/files/js/files.js
+++ b/files/js/files.js
@@ -117,7 +117,7 @@ $(document).ready(function() {
 		//send the browser to the download location
 		var dir=$('#dir').val()||'/';
 // 		alert(files);
-		window.location='ajax/download.php?files='+files+'&dir='+dir;
+		window.location='ajax/download.php?files='+encodeURIComponent(files)+'&dir='+encodeURIComponent(dir);
 		return false;
 	});
 	
@@ -130,7 +130,7 @@ $(document).ready(function() {
 		
 		$.ajax({
 			url: 'ajax/delete.php',
-			data: "dir="+$('#dir').val()+"&files="+files,
+			data: "dir="+$('#dir').val()+"&files="+encodeURIComponent(files),
 			complete: function(data){
 				boolOperationFinished(data, function(){
 					$('td.selection input:checkbox:checked').parent().parent().each(function(i,element){
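Review bot: `$('#dir').val()` on the changed `data:` line is still concatenated raw, although the same commit encodes it in fileactions.js and in the download handler above. A directory name containing `&`, `=`, `#` or `+` would be split or altered when the server parses the query, and on a delete endpoint an extra `files=` or `dir=` parameter introduced that way could change what gets removed. The line should read `data: "dir="+encodeURIComponent($('#dir').val())+"&files="+encodeURIComponent(files),`. The download handler also falls back to `'/'` when `#dir` is empty while this call does not; whether that matters depends on how ajax/delete.php treats an empty `dir`. The `$.ajax` call continues outside the hunk.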