diff --git a/plugin/editor/cheditor5/imageUpload/delete.php b/plugin/editor/cheditor5/imageUpload/delete.php
index 0da4fc8f3..1d961c696 100644
--- a/plugin/editor/cheditor5/imageUpload/delete.php
+++ b/plugin/editor/cheditor5/imageUpload/delete.php
@@ -5,9 +5,9 @@ if(!function_exists('ft_nonce_is_valid')){
 include_once('../editor.lib.php');
 }
-$filesrc = isset($_POST["filesrc"]) ? $_POST["filesrc"] : '';
+$filesrc = isset($_POST["filesrc"]) ? preg_replace("/[ #\&\+\-%@=\/\\\:;,\'\"\^`~\_|\!\?\*$#<>()\[\]\{\}]/", "", $_POST["filesrc"]) : '';
-if( !$filesrc ){
+if( !$filesrc || ! preg_match('=^[^/?*;:{}\\\\]+\.[^/?*;:{}\\\\]+$=', $filesrc) || ! preg_match('/\.(gif|jpe?g|bmp|png)$/i', $filesrc) ){
 die( false );
 }