diff --git a/src/java/org/onesocialweb/openfire/manager/ProfileManager.java b/src/java/org/onesocialweb/openfire/manager/ProfileManager.java
index 031a9e0..38a49f7 100644
--- a/src/java/org/onesocialweb/openfire/manager/ProfileManager.java
+++ b/src/java/org/onesocialweb/openfire/manager/ProfileManager.java
@@ -88,6 +88,10 @@ public Profile getProfile(String requestorJID, String targetJID) throws UserNotF
 				{
 					boolean canSee=false;
 					List<AclRule> rules= field.getAclRules();
+					//this is a patch, so that the profile and its fields can be retrieved even when the acl rules where not set...
+					// currently the vodafonernd.com DB has many profiles without any ACL rules, which retrieves empty profiles...
+					if (rules.isEmpty())
+						canSee=true;
 					for (AclRule rule: rules)
 					{
 						if ((rule.hasAction(viewAction)) && (AclManager.canSee(targetJID, rule, requestorJID)))						
diff --git a/src/java/org/onesocialweb/openfire/web/FileServlet.java b/src/java/org/onesocialweb/openfire/web/FileServlet.java
index 244ee88..5b8dbc8 100644
--- a/src/java/org/onesocialweb/openfire/web/FileServlet.java
+++ b/src/java/org/onesocialweb/openfire/web/FileServlet.java
@@ -218,8 +218,12 @@ public void init(ServletConfig config) throws ServletException {
 		super.init(config);
 
 		// Exclude this servlet from requering the user to login
-		AuthCheckFilter.addExclude("osw-openfire-plugin");
-	}
+		AuthCheckFilter.addExclude("osw-openfire-plugin");		
+		AuthCheckFilter.addExclude("osw-openfire-plugin/file/");
+		AuthCheckFilter.addExclude("osw-openfire-plugin/form.html");
+		
+		
+		}
 
 	private File getTempFolder() {	
 		final String tempPath = JiveGlobals.getProperty("onesocialweb.path.temp");