diff --git a/lib/thumbnail.lib.php b/lib/thumbnail.lib.php
index 1c8b2f6e6..5daeaaab4 100644
--- a/lib/thumbnail.lib.php
+++ b/lib/thumbnail.lib.php
@@ -34,6 +34,9 @@ function get_list_thumbnail($bo_table, $wr_id, $thumb_width, $thumb_height, $is_
 else
 $data_path = $p['path'];
 
+ if(!preg_match('/^\/'.G4_DATA_DIR.'/', $data_path))
+ continue;
+
 $srcfile = G4_PATH.$data_path;
 
 if(preg_match("/\.({$config['cf_image_extension']})$/i", $srcfile) && is_file($srcfile)) {
@@ -107,6 +110,9 @@ function get_view_thumbnail($contents)
 else
 $data_path = $p['path'];
 
+ if(!preg_match('/^\/'.G4_DATA_DIR.'/', $data_path))
+ continue;
+
 $srcfile = G4_PATH.$data_path;
 
 if(is_file($srcfile)) {
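Review bot: The guard added in get_list_thumbnail is a prefix test on an unnormalized path, so it does not actually confine `$srcfile` to the data directory. The pattern has no separator after `G4_DATA_DIR`, so a sibling directory whose name merely begins with it also matches, and `..` segments after the prefix are not rejected. The identical check in the get_view_thumbnail hunk has the same gap, and there the only later test visible is `is_file($srcfile)`, with no extension filter. Resolving the path first and comparing it with the resolved base would close both, e.g. `$real = realpath(G4_PATH.$data_path);` then `if($real === false || strpos($real, realpath(G4_PATH.'/'.G4_DATA_DIR).DIRECTORY_SEPARATOR) !== 0) continue;`; if the regex is kept, the constant should go through `preg_quote()`. `$data_path` presumably derives from a URL in user-supplied content (the assignment's `if` branch is outside the hunk), and both function bodies continue beyond the visible lines.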