diff --git a/modules/brainbrowser/php/imageinfo.class.inc b/modules/brainbrowser/php/imageinfo.class.inc
index f5381d2abf8..73c0229fa8a 100644
--- a/modules/brainbrowser/php/imageinfo.class.inc
+++ b/modules/brainbrowser/php/imageinfo.class.inc
@@ -185,7 +185,7 @@ class ImageInfo extends \NDB_Page
 '' as Visit_label,
 MincFile as File,
 LogID as FileID
- FROM mri_violation_log
+ FROM mri_violations_log
 WHERE LogID IN (" . join(",", $params) .")";
 break;
 case 'CandidateError':
diff --git a/php/libraries/FilesDownloadHandler.php b/php/libraries/FilesDownloadHandler.php
index 319833eb6b5..e46d4038d5f 100644
--- a/php/libraries/FilesDownloadHandler.php
+++ b/php/libraries/FilesDownloadHandler.php
@@ -67,7 +67,9 @@ public function handle(ServerRequestInterface $request) : ResponseInterface
 );
 }
 //Use basename to remove path traversal characters.
- $filename = basename(strval($request->getAttribute('filename')));
+ $filename = \Utility::resolvePath(
+ strval($request->getAttribute('filename'))
+ );
 if (empty($filename)) {
 return new \LORIS\Http\Response\JSON\BadRequest(
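Review bot: In the FilesDownloadHandler.php hunk the comment `//Use basename to remove path traversal characters.` is left in place although the new code no longer calls basename(), so it now describes a guard that is gone. Whether `\Utility::resolvePath()` rejects `..` segments and a leading `/` or only normalises them is not visible here; if it only normalises, the request attribute can now carry directory components into the download path. I would reword the comment to something like `// Normalise the requested relative path; containment in the download directory is verified before the file is opened.` and confirm that the final path is compared against the download directory's real path (for example via realpath() and a prefix check) before it is served. handle() continues beyond the end of this hunk, so that check may already exist further down and only needs to be confirmed.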