diff --git a/interface/web/admin/language_edit.php b/interface/web/admin/language_edit.php
index f17c4ae9a8477c0e0792701bef2ef0c9090f934a..39baec55e3421b1b8639b4f2ce6c180a9fd3217c 100644
--- a/interface/web/admin/language_edit.php
+++ b/interface/web/admin/language_edit.php
@@ -49,7 +49,7 @@ $lang_file = $_REQUEST['lang_file'];
 if(!preg_match("/^[a-z]+$/i", $lang)) die('unallowed characters in language name.');
 if(!preg_match("/^[a-z_]+$/i", $module)) die('unallowed characters in module name.');
-if(!preg_match("/^[a-z\._]+$/i", $lang_file)) die('unallowed characters in language file name.');
+if(!preg_match("/^[a-z\._]+$/i", $lang_file) || strpos($lang_file,'..') !== false || substr($lang_file,-4) != '.lng') die('unallowed characters in language file name.');
 $msg = '';
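Review bot: The added condition on `$lang_file` keeps the permissive character class and bolts two string tests onto it, one of them a loose `!=` comparison, instead of stating the allowed file-name shape in the pattern itself. A single anchored pattern is easier to audit and rejects the same inputs, for example `if(!preg_match('/^[a-z_]+\.lng\z/i', $lang_file)) die('invalid language file name.');`, assuming language files never contain more than one dot (not verifiable from this hunk). The `$lang` and `$module` checks on the two context lines still end in `$`, which in PCRE also matches before a trailing newline, so `\z` or the `D` modifier would be worth applying there too. How these values are joined into a file path lies outside the hunk, so it is worth confirming that the resolved path is also pinned to the language directory before any read or write.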