diff --git a/lib/weblib.php b/lib/weblib.php
index 19dcab0ba32..5c9b8c40811 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -358,7 +358,13 @@ function get_slash_arguments($i=0) {
 return false;
 }
- if (strpos($PATH_INFO, "..")) { // check for funny business
+ if (strpos($PATH_INFO, "..")) { // check for parent URLs
+ return false;
+ }
+ if (strpos($PATH_INFO, "|")) { // check for pipes
+ return false;
+ }
+ if (strpos($PATH_INFO, "`")) { // check for backquotes
 return false;
 }
diff --git a/user/pix.php b/user/pix.php
index d81853d0040..9a07f13b47a 100644
--- a/user/pix.php
+++ b/user/pix.php
@@ -30,14 +30,16 @@
 $lastmodified = filemtime($pathname);
- header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
- header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT");
- header("Cache-control: max_age = $lifetime"); // a day
- header("Pragma: ");
- header("Content-disposition: inline; filename=$image");
- header("Content-length: ".filesize($pathname));
- header("Content-type: image/jpeg");
- readfile("$pathname");
+ if (file_exists($pathname)) {
+ header("Last-Modified: " . gmdate("D, d M Y H:i:s", $lastmodified) . " GMT");
+ header("Expires: " . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT");
+ header("Cache-control: max_age = $lifetime"); // a day
+ header("Pragma: ");
+ header("Content-disposition: inline; filename=$image");
+ header("Content-length: ".filesize($pathname));
+ header("Content-type: image/jpeg");
+ readfile("$pathname");
+ }
 exit;
 ?>
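Review bot: All three new checks in get_slash_arguments test the bare return of strpos() for truthiness, so a $PATH_INFO that starts with "..", "|" or "`" yields offset 0, which is falsy, and the value sails through the check it was meant to stop. Each condition needs the explicit comparison, e.g. `if (strpos($PATH_INFO, "..") !== false) { // check for parent URLs`, and the same for the pipe and backquote checks. Beyond that, a growing denylist of bad characters is fragile; since the arguments are later used as a filesystem path, an allowlist such as `if (!preg_match('/^[A-Za-z0-9_\/\.-]*$/', $PATH_INFO) || strpos($PATH_INFO, "..") !== false) { return false; }` would be a more robust single check, though the exact set of permitted characters depends on how callers use the result, which is outside this hunk. The body of get_slash_arguments starts before and ends after the hunk.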
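Review bot: The new file_exists() guard is placed one line too late: `$lastmodified = filemtime($pathname);` on the context line above it still runs for a missing file, emitting a PHP warning and leaving $lastmodified as false, so the guard should enclose that call too, e.g. `if (file_exists($pathname)) { $lastmodified = filemtime($pathname); header(...); ... }`. When the file is missing the script now exits with an empty 200 response; sending a 404 in an else branch would be more honest to browsers and caches. The Cache-control header also carries the wrong token: `max_age = $lifetime` is not a valid directive, so the day-long caching the comment promises never happens; it should read `header("Cache-control: max-age=$lifetime");`. If $image is derived from the request path (it presumably is, given the slash-argument handling, though its origin is outside this hunk), the Content-disposition filename should be restricted to basename() or a safe character set before it is placed in a header. The enclosing script starts before the hunk.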