diff --git a/pandora_console/extensions/files_repo/files_repo_list.php b/pandora_console/extensions/files_repo/files_repo_list.php
index 80de4563ae..e0ca07366d 100644
--- a/pandora_console/extensions/files_repo/files_repo_list.php
+++ b/pandora_console/extensions/files_repo/files_repo_list.php
@@ -64,9 +64,11 @@ if (!empty($files)) {
 $document_root = str_replace('\\', '/', io_safe_output($_SERVER['DOCUMENT_ROOT']));
 $file['location'] = str_replace('\\', '/', io_safe_output($file['location']));
 $relative_path = str_replace($document_root, '', $file['location']);
- $file_path = base64_encode($relative_path);
- $hash = md5($relative_path.$config['dbpass']);
- $url = ui_get_full_url("include/get_file.php?file=$file_path&hash=$hash");
+ $file_name = explode('/', $file['location']);
+ $file_decoded = $file_name[(count($file_name) - 1)];
+ $file_path = base64_encode($file_decoded);
+ $hash = md5($file_path.$config['dbpass']);
+ $url = ui_get_full_url('include/get_file.php?file='.urlencode($file_path).'&hash='.$hash);
 $date_format = ($config['date_format']) ? io_safe_output($config['date_format']) : 'F j, Y - H:m';
 $data[0] = "".$file['name'].'';
diff --git a/pandora_console/include/functions_filemanager.php b/pandora_console/include/functions_filemanager.php
index 2c8ed90ee4..a3cf4ac0a5 100644
--- a/pandora_console/include/functions_filemanager.php
+++ b/pandora_console/include/functions_filemanager.php
@@ -690,8 +690,9 @@ function filemanager_file_explorer(
 $data[1] = ''.$fileinfo['name'].'';
 } else {
- $hash = md5($relative_path.$config['dbpass']);
- $data[1] = ''.$fileinfo['name'].'';
+ $filename = base64_encode($relative_directory.'/'.$fileinfo['name']);
+ $hash = md5($filename.$config['dbpass']);
+ $data[1] = ''.$fileinfo['name'].'';
 }
 // Notice that uploaded php files could be dangerous
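Review bot: The new lines recompute the basename by hand (`$file_name = explode('/', $file['location']); $file_decoded = $file_name[(count($file_name) - 1)];`) where `basename($file['location'])` does the same in one call, and `$file_name` actually holds the array of path segments rather than a name. The three new lines collapse to `$file_path = base64_encode(basename($file['location']));`. With the token now derived from the basename alone, the `$relative_path` computed on the context line above no longer feeds the URL or the hash; if nothing further down the loop reads it, that line and the `$document_root` line are dead. Separately, `md5($file_path.$config['dbpass'])` (also used in both functions_filemanager.php hunks and checked in get_file.php) is a secret-suffixed digest rather than a keyed MAC; `hash_hmac('sha256', $file_path, $config['dbpass'])` verified with `hash_equals()` on the receiving side is the standard form. The enclosing loop starts before this hunk.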
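Review bot: The token built here, `base64_encode($relative_directory.'/'.$fileinfo['name'])`, carries a directory component, whereas the download button for the same entry in the -751 hunk encodes `$fileinfo['name']` alone and files_repo_list.php encodes the basename alone; the same get_file.php endpoint thus receives two different shapes of `file` for one file, so one of the two links presumably resolves to the wrong path or not at all. Whichever shape get_file.php expects, the two call sites in this function should agree, e.g. by building the token once in a small helper used by both. If the directory-bearing form is the one kept, the part of get_file.php visible in this diff only checks the hash, emptiness and the presence of a Referer header, so the resolved path still needs to be confined to the intended file-manager root (`realpath()` compared against the allowed base) on the receiving side. The enclosing function filemanager_file_explorer starts before this hunk and continues after it.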
@@ -751,8 +752,9 @@ function filemanager_file_explorer(
 }
 if ((!$fileinfo['is_dir']) && ($download_button)) {
- $hash = md5($fileinfo['realpath'].$config['dbpass']);
- $data[4] .= '';
+ $filename = base64_encode($fileinfo['name']);
+ $hash = md5($filename.$config['dbpass']);
+ $data[4] .= '';
 $data[4] .= html_print_image('images/file.png', true);
 $data[4] .= '';
 }
diff --git a/pandora_console/include/get_file.php b/pandora_console/include/get_file.php
index 0f0fd30353..550e7e92fd 100644
--- a/pandora_console/include/get_file.php
+++ b/pandora_console/include/get_file.php
@@ -29,29 +29,42 @@ if ($auth_method != 'ad' && $auth_method != 'ldap') {
 $styleError = 'background:url("../images/err.png") no-repeat scroll 0 0 transparent; padding:4px 1px 6px 30px; color:#CC0000;';
-$file = get_parameter('file', null);
+$file_raw = get_parameter('file', null);
-$file = base64_decode($file);
+$file = base64_decode(urldecode($file_raw));
 $hash = get_parameter('hash', null);
-$testHash = md5($file.$config['dbpass']);
-
-if ($hash != $testHash) {
+if ($file === '' || $hash === '' || $hash !== md5($file_raw.$config['dbpass']) || !isset($_SERVER['HTTP_REFERER'])) {
 echo "
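Review bot: The rendering of this diff has stripped the href markup around `$filename` and `$hash` in the new `$data[4] .=` line, so it is not visible whether `$filename` is percent-encoded before it is placed in the query string; base64 output contains `+`, `/` and `=`, and an unencoded `+` arrives on the server as a space, which changes the value get_file.php decodes and hashes. files_repo_list.php in this same commit does `urlencode($file_path)`; the same wrapping is needed here and in the -690 hunk, e.g. `'include/get_file.php?file='.urlencode($filename).'&hash='.$hash`. Note too that get_file.php in this commit calls `urldecode()` on the value returned by get_parameter(); if that already holds the decoded query value, the second decode turns a literal `+` in the base64 text into a space even when the link was encoded correctly. Encoding only `$fileinfo['name']` also means two files with the same name in different explorer subdirectories produce an identical token, so the endpoint cannot tell them apart unless it is restricted to a single flat directory. The enclosing function filemanager_file_explorer starts before this hunk and presumably continues after it.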