diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index 93668667c1..3e2b4da25a 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -195,14 +195,12 @@ die();
         }
     }
 
+if ( ereg('image/',$img1_type) )
+	$piece_of_code = "<img src=';". get_settings('fileupload_url') ."/$img1_name' alt='$imgdesc' />";
+else
+	$piece_of_code = "<a href='". get_settings('fileupload_url') . "/$img1_name' title='$imgdesc'>$imgdesc</a>";
 
-
-if ( ereg('image/',$img1_type)) {
-    $piece_of_code = "&lt;img src=&quot;". get_settings('fileupload_url') ."/$img1_name&quot; alt=&quot;$imgdesc&quot; /&gt;";
-} else {
-    $piece_of_code = "&lt;a href=&quot;". get_settings('fileupload_url') . "/$img1_name&quot; title=&quot;$imgdesc&quot; &gt;$imgdesc&lt;/a&gt;";
-};
-
+$piece_of_code = htmlspecialchars( $piece_of_code );
 ?>
 
 <h3><?php _e('File uploaded!') ?></h3>