diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index d2eb3757a6c..215481fbed8 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -189,19 +189,23 @@ function clean_param($param, $options) {
     }
 
     if ($options & PARAM_FILE) {         // Strip all suspicious characters from filename
-        $param = str_replace('\\', '/', $param);
-        $param = basename($param);
-        $param = ereg_replace('\.\.+', '', $param);
-        $param = ereg_replace('[[:cntrl:]]|[<>"\`\|\']', '', $param);
+        $param = clean_param($param, PARAM_PATH);
+        $pos = strrpos($param,'/');
+        if ($pos !== FALSE) {
+            $param = substr($param, $pos+1);
+        }
         if ($param === '.' or $param === ' ') {
             $param = '';
-        }
+        }        
     }
 
     if ($options & PARAM_PATH) {         // Strip all suspicious characters from file path
+        $param = str_replace('\\\'', '\'', $param);
+        $param = str_replace('\\"', '"', $param);
         $param = str_replace('\\', '/', $param);
+        $param = ereg_replace('[[:cntrl:]]|[<>"`\|\']', '', $param);
         $param = ereg_replace('\.\.+', '', $param);
-        $param = ereg_replace('[[:cntrl:]]|[<>"\`\|\']', '', $param);
+        $param = ereg_replace('//+', '/', $param);
     }
 
     return $param;