diff --git a/app/recordings/recordings.php b/app/recordings/recordings.php
index c12e09d01e..1f79be9528 100644
--- a/app/recordings/recordings.php
+++ b/app/recordings/recordings.php
@@ -77,8 +77,15 @@ require_once "resources/check_auth.php";
 					$recording_filename = base64_decode($_GET['filename']); //xml_cdr
 				}
 
-			if (file_exists($path.'/'.$recording_filename)) {
-				$fd = fopen($path.'/'.$recording_filename, "rb");
+			// build full path
+				if(substr($recording_filename,0,1) == '/'){
+					$full_recording_path = $path . $recording_filename;
+				} else {
+					$full_recording_path = $path . '/' . $recording_filename;
+				}
+
+			if (file_exists($full_recording_path)) {
+				$fd = fopen($full_recording_path, "rb");
 				if ($_GET['t'] == "bin") {
 					header("Content-Type: application/force-download");
 					header("Content-Type: application/octet-stream");
@@ -97,14 +104,14 @@ require_once "resources/check_auth.php";
 				header('Content-Disposition: attachment; filename="'.$recording_filename.'"');
 				header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
 				header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
-				header("Content-Length: " . filesize($path.'/'.$recording_filename));
+				header("Content-Length: " . filesize($full_recording_path));
 				ob_clean();
 				fpassthru($fd);
 			}
 
 			//if base64, remove temp recording file
 			if ($_SESSION['recordings']['storage_type']['text'] == 'base64' && $row['recording_base64'] != '') {
-				@unlink($path.'/'.$recording_filename);
+				@unlink($full_recording_path);
 			}
 		}
 		exit;
diff --git a/app/xml_cdr/xml_cdr.php b/app/xml_cdr/xml_cdr.php
index ab7e5cbf6d..572c9a7625 100644
--- a/app/xml_cdr/xml_cdr.php
+++ b/app/xml_cdr/xml_cdr.php
@@ -368,7 +368,6 @@ else {
 		$database = new database;
 	}
 
-	$path_mod = $_SESSION["domain_name"];
 	if ($result_count > 0) {
 		foreach($result as $index => $row) {
 			$tmp_year = date("Y", strtotime($row['start_stamp']));
@@ -391,7 +390,8 @@ else {
 
 			//handle recordings
 			if (permission_exists('recording_play') || permission_exists('recording_download')) {
-				$tmp_dir = $_SESSION['switch']['recordings']['dir'].'/'.$path_mod.'/archive/'.$tmp_year.'/'.$tmp_month.'/'.$tmp_day;
+				$tmp_rel_path = '/archive/'.$tmp_year.'/'.$tmp_month.'/'.$tmp_day;
+				$tmp_dir = $_SESSION['switch']['recordings']['dir'].'/'.$_SESSION["domain_name"].$tmp_rel_path;
 				$tmp_name = '';
 				if(!empty($row['recording_file']) && file_exists($row['recording_file'])){
 					$tmp_name=$row['recording_file'];
@@ -421,7 +421,7 @@ else {
 					$tmp_name = $row['bridge_uuid']."_1.mp3";
 				}
 				if (strlen($tmp_name) > 0 && file_exists($tmp_dir.'/'.$tmp_name) && $seconds > 0) {
-					$recording_file_path = '/'.$path_mod.'/archive/'.$tmp_year.'/'.$tmp_month.'/'.$tmp_day.'/'.$tmp_name;
+					$recording_file_path = $tmp_rel_path.'/'.$tmp_name;
 					$recording_file_name = strtolower(pathinfo($tmp_name, PATHINFO_BASENAME));
 					$recording_file_ext = pathinfo($recording_file_name, PATHINFO_EXTENSION);
 					switch ($recording_file_ext) {