diff --git a/src/admin/file_class.php b/src/admin/file_class.php
index b70e587e..fc5fe2f9 100644
--- a/src/admin/file_class.php
+++ b/src/admin/file_class.php
@@ -145,6 +145,7 @@ class FileManagement
      */
     function DeleteFile($filename)
     {
+        $filename = str_replace("..", "", $filename);
         $filename = $this->baseDir.$this->activeDir."/$filename";
         if (is_file($filename)) {
             @unlink($filename);
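Review bot: The added `str_replace` sanitises by rewriting rather than rejecting, so a request naming `a..b.txt` silently deletes `ab.txt` instead of failing, and the line leaves it unclear whether directory separators in `$filename` are meant to be accepted at all. If DeleteFile is only meant to remove entries directly inside `$this->activeDir`, `$filename = basename($filename);` states that contract and strips both `..` components and `/`; if nested paths are intended, resolve the joined path with `realpath()` and refuse it unless it begins with the resolved base directory followed by a separator. In either case a name that falls outside the allowed scope should make the method return its failure value rather than be altered and then unlinked, and a short comment above the check, `// reject names that would escape the active directory`, would record the intent for later readers. DeleteFile's body continues past the end of the hunk.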