diff --git a/admin/modules/style/themes.php b/admin/modules/style/themes.php
index 575ab0832e..38f448f3d1 100644
--- a/admin/modules/style/themes.php
+++ b/admin/modules/style/themes.php
@@ -1447,7 +1447,7 @@ function checkAction(id)
$sep = " {$lang->and} ";
}
- $inherited .= $sep.$file;
+ $inherited .= $sep.htmlspecialchars_uni($file);
$sep = $lang->comma;
++$count;
@@ -1558,7 +1558,7 @@ function checkAction(id)
$popup->add_item($lang->delete_revert, "index.php?module=style-themes&action=delete_stylesheet&file=".htmlspecialchars_uni($filename)."&tid={$theme['tid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_stylesheet_deletion}')");
}
- $table->construct_cell("{$filename}{$inherited}
{$attached_to}");
+ $table->construct_cell("".htmlspecialchars_uni($filename)."{$inherited}
{$attached_to}");
$table->construct_cell($form->generate_numeric_field("disporder[{$theme_stylesheets[$filename]['sid']}]", $properties['disporder'][$filename], array('style' => 'width: 80%; text-align: center;', 'min' => 0)), array("class" => "align_center"));
$table->construct_cell($popup->fetch(), array("class" => "align_center"));
$table->construct_row();