diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 396f01c27c..78fa24536f 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -191,6 +191,7 @@ p a {
 	<ul class="menu">
 		<li>[Fix] MySQL, PostgreSQL and SQLite related database fixes (Bug #13862)</li>
 		<li>[Fix] Allow MS SQL to properly connect when using the mssql driver and PHP is less than either 4.4.1 or 5.1 (Bug #13874)</li>
+		<li>[Fix] Ignore files containging HTML special chars in the filenames as gallery avatars (Bug #13906)</li>
 		<li>[Fix] Multiple PM recipients not separated (Bug #13876)</li>
 
 	</ul>
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 0194ec06a4..08b2d963ca 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1981,14 +1981,13 @@ function avatar_gallery($category, $avatar_select, $items_per_column, $block_var
 				$dp2 = @opendir("$path/$file");
 				while (($sub_file = readdir($dp2)) !== false)
 				{
-					if (preg_match('#\.(?:gif|png|jpe?g)$#i', $sub_file))
+					if (preg_match('#^[^&"<>]*\.(?:gif|png|jpe?g)$#i', $sub_file))
 					{
 						$avatar_list[$file][$avatar_row_count][$avatar_col_count] = array(
 							'file'		=> "$file/$sub_file",
 							'filename'	=> $sub_file,
 							'name'		=> ucfirst(str_replace('_', ' ', preg_replace('#^(.*)\..*$#', '\1', $sub_file))),
 						);
-
 						$avatar_col_count++;
 						if ($avatar_col_count == $items_per_column)
 						{