diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index a169136734..48110dbae3 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -74,7 +74,7 @@ if (isset($_GET['avatar']))
 	set_config(null, null, null, $config);
 	set_config_count(null, null, null, $config);
 
-	$filename = $_GET['avatar'];
+	$filename = request_var('avatar', '');
 	$avatar_group = false;
 	$exit = false;