diff --git a/include/class.osticket.php b/include/class.osticket.php
index 98e660e184..2835f6dbfc 100644
--- a/include/class.osticket.php
+++ b/include/class.osticket.php
@@ -366,10 +366,10 @@ function get_db_input($index, $vars, $quote=true) {
 static function get_path_info() {
 if(isset($_SERVER['PATH_INFO']))
- return $_SERVER['PATH_INFO'];
+ return htmlentities($_SERVER['PATH_INFO']);
 if(isset($_SERVER['ORIG_PATH_INFO']))
- return $_SERVER['ORIG_PATH_INFO'];
+ return htmlentities($_SERVER['ORIG_PATH_INFO']);
 //TODO: conruct possible path info.
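Review bot: Both new `htmlentities()` calls rely on the default flags and charset, which differ across PHP versions: before PHP 8.1 the default is `ENT_COMPAT`, so a single quote in `PATH_INFO` or `ORIG_PATH_INFO` is returned unencoded and is still unsafe inside a single-quoted attribute. Pass them explicitly on both returns, e.g. `return htmlentities($_SERVER['PATH_INFO'], ENT_QUOTES, 'UTF-8');`. Encoding inside `get_path_info()` also means every caller now receives HTML-encoded text; the callers are not visible here, but any that compares the path for routing or builds a redirect would see `&amp;` where it expects `&`, and any that already escapes at output would double-encode. A docblock on the function such as `Returns the request path info HTML-encoded; not suitable for routing comparisons` would make that contract explicit. The function body continues past the end of the hunk.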