diff --git a/system/Debug/Toolbar.php b/system/Debug/Toolbar.php
index 9a884b60f5b3..c2d47a9c304e 100644
--- a/system/Debug/Toolbar.php
+++ b/system/Debug/Toolbar.php
@@ -484,6 +484,12 @@ public function respond()
 if ($request->getGet('debugbar_time')) {
 helper('security');

+ // Validate and sanitize the debugbar_time parameter -- ss
+ $debugbarTime = $request->getGet('debugbar_time');
+ if (! preg_match('/^\d+(\.\d+)?$/', $debugbarTime)) {
+ throw new InvalidArgumentException('Invalid debugbar_time parameter.');
+ }
+
 // Negotiate the content-type to format the output
 $format = $request->negotiate('media', ['text/html', 'application/json', 'application/xml']);
 $format = explode('/', $format)[1];
@@ -491,9 +497,9 @@ public function respond()
 $filename = sanitize_filename('debugbar_' . $request->getGet('debugbar_time'));
 $filename = WRITEPATH . 'debugbar/' . $filename . '.json';

- if (is_file($filename)) {
+ if (is_file($filename) && is_readable($filename)) {
 // Show the toolbar if it exists
- echo $this->format(file_get_contents($filename), $format);
+ echo htmlspecialchars($this->format(file_get_contents($filename), $format), ENT_QUOTES, 'UTF-8');

 exit;
 }
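Review bot: The added `preg_match('/^\d+(\.\d+)?$/', $debugbarTime)` check still accepts a value with a trailing newline, because `$` in PCRE matches before a final `\n`; anchor with `\z` and guard the type first, e.g. `if (! is_string($debugbarTime) || ! preg_match('/^\d+(\.\d+)?\z/', $debugbarTime)) {`. The `is_string` guard matters because `getGet()` hands back whatever the query string carried, and `debugbar_time[]=1` would pass an array to `preg_match`, which PHP 8 rejects with a TypeError instead of the intended InvalidArgumentException. Unless the file already imports it, the unqualified `InvalidArgumentException` inside a namespaced class resolves to the current namespace rather than the global exception, so add `use InvalidArgumentException;` at the top or write `\InvalidArgumentException`. The second hunk still re-reads `$request->getGet('debugbar_time')` when building `$filename`; using the validated `$debugbarTime` there keeps the check and its use in step, and the `-- ss` tag on the new comment should be dropped. respond() continues outside the hunk.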
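Review bot: Wrapping the whole response in `htmlspecialchars(...)` on the `echo` line of the second hunk breaks every format this branch serves: for `text/html` the toolbar markup is shown as literal text instead of being rendered, and for `application/json` and `application/xml` every quote becomes `&quot;`, so the body is no longer valid JSON or XML. Output encoding belongs where untrusted values are interpolated into the HTML template, not on the already-formatted document, so the line should stay `echo $this->format(file_get_contents($filename), $format);`. The `is_readable($filename)` addition is fine, but `file_get_contents()` can still return `false` if the file disappears between the check and the read, which `format()` presumably does not accept; reading into `$contents = file_get_contents($filename);` and bailing out with the existing 404 path when `$contents === false` before calling `format()` would close that gap. respond() continues outside the hunk.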