diff --git a/apps/files/ajax/list.php b/apps/files/ajax/list.php
index 92091f4213..878e4cb215 100644
--- a/apps/files/ajax/list.php
+++ b/apps/files/ajax/list.php
@@ -25,7 +25,7 @@ if($doBreadcrumb) {
 	}
 
 	$breadcrumbNav = new OCP\Template( "files", "part.breadcrumb", "" );
-	$breadcrumbNav->assign( "breadcrumb", $breadcrumb );
+	$breadcrumbNav->assign( "breadcrumb", $breadcrumb, false );
 
 	$data['breadcrumb'] = $breadcrumbNav->fetchPage();
 }
diff --git a/apps/files/index.php b/apps/files/index.php
index 54c7416780..a88e1f0074 100644
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -36,7 +36,7 @@ if(!isset($_SESSION['timezone'])) {
 }
 OCP\App::setActiveNavigationEntry( 'files_index' );
 // Load the files
-$dir = isset( $_GET['dir'] ) ? rawurldecode(stripslashes($_GET['dir'])) : '';
+$dir = isset( $_GET['dir'] ) ? stripslashes($_GET['dir']) : '';
 // Redirect if directory does not exist
 if(!\OC\Files\Filesystem::is_dir($dir.'/')) {
 	header('Location: '.$_SERVER['SCRIPT_NAME'].'');
diff --git a/apps/files/js/fileactions.js b/apps/files/js/fileactions.js
index 40dd9f14a6..80b9c01f83 100644
--- a/apps/files/js/fileactions.js
+++ b/apps/files/js/fileactions.js
@@ -70,34 +70,43 @@ var FileActions = {
 		}
 		parent.children('a.name').append('<span class="fileactions" />');
 		var defaultAction = FileActions.getDefault(FileActions.getCurrentMimeType(), FileActions.getCurrentType(), FileActions.getCurrentPermissions());
-		var actionHandler = function (parent, action, event) {
+		
+		var actionHandler = function (event) {
 			event.stopPropagation();
 			event.preventDefault();
-			FileActions.currentFile = parent;
-			file = FileActions.getCurrentFile();
-			action(file);
+
+			FileActions.currentFile = event.data.elem;
+			var file = FileActions.getCurrentFile();
+			
+			event.data.actionFunc(file);
 		};
-		for (name in actions) {
+		
+		$.each(actions, function (name, action) {
 			// NOTE: Temporary fix to prevent rename action in root of Shared directory
 			if (name === 'Rename' && $('#dir').val() === '/Shared') {
-				continue;
+				return true;
 			}
-			if ((name === 'Download' || actions[name] !== defaultAction) && name !== 'Delete') {
+			
+			if ((name === 'Download' || action !== defaultAction) && name !== 'Delete') {
 				var img = FileActions.icons[name];
 				if (img.call) {
 					img = img(file);
 				}
 				var html = '<a href="#" class="action" data-action="'+name+'">';
 				if (img) {
-					html += '<img class ="svg" src="' + img + '"/> ';
+					html += '<img class ="svg" src="' + img + '" /> ';
 				}
 				html += t('files', name) + '</a>';
+				
 				var element = $(html);
 				element.data('action', name);
-				element.click(actionHandler.bind(null, parent, actions[name]));
+				//alert(element);
+				element.on('click',{a:null, elem:parent, actionFunc:actions[name]},actionHandler);
 				parent.find('a.name>span.fileactions').append(element);
 			}
-		}
+			
+		});
+		
 		if (actions['Delete']) {
 			var img = FileActions.icons['Delete'];
 			if (img.call) {
@@ -114,7 +123,7 @@ var FileActions = {
 				element.append($('<img class ="svg" src="' + img + '"/>'));
 			}
 			element.data('action', actions['Delete']);
-			element.click(actionHandler.bind(null, parent, actions['Delete']));
+			element.on('click',{a:null, elem:parent, actionFunc:actions['Delete']},actionHandler);
 			parent.parent().children().last().append(element);
 		}
 	},
diff --git a/apps/files/js/filelist.js b/apps/files/js/filelist.js
index a5550dc992..5674206632 100644
--- a/apps/files/js/filelist.js
+++ b/apps/files/js/filelist.js
@@ -151,6 +151,9 @@ var FileList={
 			event.stopPropagation();
 			event.preventDefault();
 			var newname=input.val();
+			if (Files.containsInvalidCharacters(newname)) {
+				return false;
+			}
 			if (newname != name) {
 				if (FileList.checkName(name, newname, false)) {
 					newname = name;
diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index 4307650d4f..3b33fc1978 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -25,6 +25,18 @@ Files={
 			delete uploadingFiles[index];
 		});
 		procesSelection();
+	},
+	containsInvalidCharacters:function (name) {
+		var invalid_characters = ['\\', '/', '<', '>', ':', '"', '|', '?', '*'];
+		for (var i = 0; i < invalid_characters.length; i++) {
+			if (name.indexOf(invalid_characters[i]) != -1) {
+				$('#notification').text(t('files', "Invalid name, '\\', '/', '<', '>', ':', '\"', '|', '?' and '*' are not allowed."));
+				$('#notification').fadeIn();
+				return true;
+			}
+		}
+		$('#notification').fadeOut();
+		return false;
 	}
 };
 $(document).ready(function() {
@@ -505,9 +517,7 @@ $(document).ready(function() {
 		$(this).append(input);
 		input.focus();
 		input.change(function(){
-			if(type != 'web' && $(this).val().indexOf('/')!=-1){
-				$('#notification').text(t('files','Invalid name, \'/\' is not allowed.'));
-				$('#notification').fadeIn();
+			if (type != 'web' && Files.containsInvalidCharacters($(this).val())) {
 				return;
 			} else if( type == 'folder' && $('#dir').val() == '/' && $(this).val() == 'Shared') {
 				$('#notification').text(t('files','Invalid folder name. Usage of "Shared" is reserved by Owncloud'));
diff --git a/apps/files/templates/part.breadcrumb.php b/apps/files/templates/part.breadcrumb.php
index ead9ab1ed7..ba1432c1b8 100644
--- a/apps/files/templates/part.breadcrumb.php
+++ b/apps/files/templates/part.breadcrumb.php
@@ -1,6 +1,7 @@
 	<?php for($i=0; $i<count($_["breadcrumb"]); $i++):
-        $crumb = $_["breadcrumb"][$i]; ?>
-		<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo urlencode($crumb["dir"]);?>' style='background-image:url("<?php echo OCP\image_path('core', 'breadcrumb.png');?>")'>
-		<a href="<?php echo $_['baseURL'].urlencode($crumb["dir"]); ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a>
+	$crumb = $_["breadcrumb"][$i];
+	$dir = str_replace('+','%20', urlencode($crumb["dir"])); ?>
+		<div class="crumb <?php if($i == count($_["breadcrumb"])-1) echo 'last';?> svg" data-dir='<?php echo $dir;?>' style='background-image:url("<?php echo OCP\image_path('core', 'breadcrumb.png');?>")'>
+		<a href="<?php echo $_['baseURL'].$dir; ?>"><?php echo OCP\Util::sanitizeHTML($crumb["name"]); ?></a>
 		</div>
 	<?php endfor;?>
diff --git a/core/templates/installation.php b/core/templates/installation.php
index a7c4780d5d..1e7983eae5 100644
--- a/core/templates/installation.php
+++ b/core/templates/installation.php
@@ -19,7 +19,7 @@
 	</ul>
 	<?php endif; ?>
 	<?php if(!$_['secureRNG']): ?>
-	<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+	<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7; border-style:solid; border-radius: 5px; border-width:1px; padding:0.5em;">
 		<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
 		<span><?php echo $l->t('No secure random number generator is available, please enable the PHP OpenSSL extension.');?></span>		
 		<br/>
@@ -27,7 +27,7 @@
 	</fieldset>
 	<?php endif; ?>
 	<?php if(!$_['htaccessWorking']): ?>
-	<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7;">
+	<fieldset style="color: #B94A48; background-color: #F2DEDE; border-color: #EED3D7; border-style:solid; border-radius: 5px; border-width:1px; padding:0.5em;">
 		<legend><strong><?php echo $l->t('Security Warning');?></strong></legend>
 		<span><?php echo $l->t('Your data directory and your files are probably accessible from the internet. The .htaccess file that ownCloud provides is not working. We strongly suggest that you configure your webserver in a way that the data directory is no longer accessible or you move the data directory outside the webserver document root.');?></span>		
 	</fieldset>