diff --git a/lib/file-control.php b/lib/file-control.php
index d2c5099..e00a020 100644
--- a/lib/file-control.php
+++ b/lib/file-control.php
@@ -98,7 +98,7 @@ if ($_GET['action']=="upload") {
 class fileUploader {
 public function __construct($uploads) {
 global $docRoot;
-$uploadDir=$docRoot.$iceRoot.str_replace("|","/",strClean($_POST['folder'])."/");
+$uploadDir=$docRoot.$iceRoot.str_replace("..","",str_replace("|","/",strClean($_POST['folder'])."/"));
 foreach($uploads as $current) {
 $this->uploadFile=$uploadDir.$current->name;
 $fileName = $current->name;
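Review bot: Stripping `..` from `$_POST['folder']` on the added `$uploadDir` line is a blacklist, not a containment check — it says nothing about the final path actually staying under `$docRoot.$iceRoot`, and the unchanged `$this->uploadFile=$uploadDir.$current->name;` two lines later still appends the client-supplied file name without any such filtering, so the same class of problem remains on the file component. The robust fix is to canonicalise the computed directory with `realpath()` and verify it has the intended base as a prefix, and to reduce the file name to `basename($current->name)` before concatenating. Separately, `$iceRoot` is used on the new line but only `$docRoot` is imported by the `global` statement, so inside the constructor it resolves to an undefined (empty) local unless it is assigned somewhere not shown; add it to the `global` line if it is meant to be the global of the same name. The constructor body continues past the end of the hunk.

```php
global $docRoot, $iceRoot;
$baseDir = realpath($docRoot.$iceRoot);
$uploadDir = realpath($docRoot.$iceRoot.str_replace("|","/",strClean($_POST['folder'])));
// Reject anything that does not canonicalise to a directory inside the base.
if ($baseDir === false || $uploadDir === false
    || strncmp($uploadDir.DIRECTORY_SEPARATOR, $baseDir.DIRECTORY_SEPARATOR, strlen($baseDir) + 1) !== 0) {
    // TODO(review): use the project's existing error/abort convention here
    return;
}
$uploadDir .= "/";
foreach($uploads as $current) {
    $fileName = basename($current->name); // drop any path components from the client-supplied name
    $this->uploadFile = $uploadDir.$fileName;
    // … unchanged: rest of the per-file upload handling …
```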