';
diff --git a/lam/templates/3rdParty/pla/htdocs/compare_form.php b/lam/templates/3rdParty/pla/htdocs/compare_form.php
index 520b24db..53894d76 100644
--- a/lam/templates/3rdParty/pla/htdocs/compare_form.php
+++ b/lam/templates/3rdParty/pla/htdocs/compare_form.php
@@ -25,12 +25,12 @@ $request['page']->setDN($request['dn']);
$request['page']->accept();
# Render the form
-$request['page']->drawTitle(sprintf(_('Compare another DN with
%s'),get_rdn($request['dn'])));
+$request['page']->drawTitle(sprintf(_('Compare another DN with
%s'),htmlspecialchars(get_rdn($request['dn']))));
$request['page']->drawSubTitle();
printf('',JSDIR);
echo '
';
-printf('%s %s %s
',_('Compare'),get_rdn($request['dn']),_('with '));
+printf('%s %s %s
',_('Compare'),htmlspecialchars(get_rdn($request['dn'])),_('with '));
echo '
';
echo '
';
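Review bot: Both new htmlspecialchars() calls rely on the default flags and charset, which means the result depends on the PHP version: before 8.1 the default is ENT_COMPAT (single quotes untouched), and without ENT_SUBSTITUTE an RDN containing invalid UTF-8 makes htmlspecialchars() return an empty string, so the title and the "Compare ... with" line would silently render blank rather than escaped. Since get_rdn() here returns directory data that an LDAP writer controls, I would pin the context explicitly: `htmlspecialchars(get_rdn($request['dn']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in both the drawTitle() argument and the printf() argument. The translated `_()` strings are left unescaped, which is fine as long as the catalog is trusted; worth a one-line comment saying so, e.g. `# RDN comes from the directory and is escaped for HTML; _() strings are trusted catalog text`. The printf/echo markup around these lines appears stripped in this rendering, so I cannot confirm whether the escaped value also lands inside an attribute.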
diff --git a/lam/templates/3rdParty/pla/htdocs/view_jpeg_photo.php b/lam/templates/3rdParty/pla/htdocs/view_jpeg_photo.php
index d52501cc..372ab5b5 100644
--- a/lam/templates/3rdParty/pla/htdocs/view_jpeg_photo.php
+++ b/lam/templates/3rdParty/pla/htdocs/view_jpeg_photo.php
@@ -18,7 +18,7 @@ $request['dn'] = get_request('dn','GET');
$request['attr'] = strtolower(get_request('attr','GET',false,'jpegphoto'));
$request['index'] = get_request('index','GET',false,0);
$request['type'] = get_request('type','GET',false,'image/jpeg');
-$request['filename'] = get_request('filename','GET',false,sprintf('%s.jpg',get_rdn($request['dn'],true)));
+$request['filename'] = get_request('filename','GET',false,sprintf('%s.jpg',htmlspecialchars(get_rdn($request['dn'],true))));
$request['location'] = get_request('location','GET',false,'ldap');
switch ($request['location']) {
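Review bot: On the new filename line, htmlspecialchars() is the wrong escaping for this value: the filename is presumably emitted later in a Content-Disposition header (outside this hunk), where HTML entity encoding neither neutralises CR/LF or double quotes nor leaves a legitimate `&` in an RDN intact (it becomes `&amp;.jpg` in the downloaded name). It also only covers the default — a caller-supplied `filename` GET parameter bypasses the escaping entirely, so the only value an attacker actually controls is the one left untouched. I would sanitise whichever value wins, e.g. `$request['filename'] = get_request('filename','GET',false,sprintf('%s.jpg',get_rdn($request['dn'],true)));` followed by `$request['filename'] = preg_replace('/[\x00-\x1F\x7F"\\\\\/]/', '_', $request['filename']);`, and apply the same control-character stripping to `$request['type']` if it feeds the Content-Type header. The switch on `$request['location']` that starts on the last line continues outside the hunk, so I cannot see how these values are consumed.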