diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 5f45b88359..f5a766dd57 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -64,7 +64,7 @@ if (isset($_GET['avatar']))
 	$browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : 'msie 6.0';
 
 	$config = $cache->obtain_config();
-	$filename = $_GET['avatar'];
+	$filename = request_var('avatar', '');
 	$avatar_group = false;
 	$exit = false;