diff --git a/core/class/uploader.php b/core/class/uploader.php
index 447d0ff..b2410e8 100644
--- a/core/class/uploader.php
+++ b/core/class/uploader.php
@@ -198,7 +198,8 @@ public function __construct() {
 // HOST APPLICATIONS INIT
 if (isset($_GET['CKEditorFuncNum'])) {
 $this->opener['name'] = "ckeditor";
- $this->opener['CKEditor'] = array('funcNum' => $_GET['CKEditorFuncNum']);
+ $malicious = array("(", ")", ";", "=", "-", "*", "/", "+", "!", "@", "#", "%", "^", "&", "`", "'", "\"");
+ $this->opener['CKEditor'] = array('funcNum' => htmlentities(str_replace($malicious, '', $_GET['CKEditorFuncNum']), ENT_QUOTES, 'UTF-8'));
 } elseif (isset($_GET['opener'])) {
 $this->opener['name'] = $_GET['opener'];
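Review bot: The added `$malicious` denylist strips a fixed set of characters but leaves others (`<`, `>`, whitespace, `,`, `[`, `]`) untouched, so the new `funcNum` assignment still stores an arbitrary string from `$_GET['CKEditorFuncNum']` and relies on `htmlentities` doing the right thing for whatever context the value is later emitted into, which is not visible here. CKEditor's funcNum is numeric by contract, so validating the type is both simpler and complete: `$this->opener['CKEditor'] = array('funcNum' => (int) $_GET['CKEditorFuncNum']);` (or reject the request when `ctype_digit((string) $_GET['CKEditorFuncNum'])` is false), with any escaping done at the output site per context rather than at intake. The untouched `$_GET['opener']` assignment on the hunk's last context line takes the same shape of unvalidated input and likely deserves the same treatment. `__construct` starts outside the hunk and the hunk appears to continue past what is shown.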