diff --git a/app/messages/message_media.php b/app/messages/message_media.php
index 2304eb3595..210a46d918 100644
--- a/app/messages/message_media.php
+++ b/app/messages/message_media.php
@@ -34,7 +34,7 @@
 
 //get media uuid
 	$message_media_uuid = $_GET['id'];
-	$message_media_source = $_GET['src'];
+	$message_media_source = escape($_GET['src']);
 	$action = $_GET['action'];
 
 //get media
@@ -96,4 +96,4 @@
 
 	}
 
-?>
\ No newline at end of file
+?>