diff --git a/lib/shop.lib.php b/lib/shop.lib.php
index ec90cc584..5d906e022 100644
--- a/lib/shop.lib.php
+++ b/lib/shop.lib.php
@@ -152,9 +152,9 @@ class item_list
     function set_list_skin($list_skin) {
         global $default;
         if ($this->is_mobile) {
-            $this->list_skin = $list_skin ? $list_skin : G5_MSHOP_SKIN_PATH.'/'.$default['de_mobile_type'.$this->type.'_list_skin'];
+            $this->list_skin = $list_skin ? $list_skin : G5_MSHOP_SKIN_PATH.'/'.preg_replace('/[^A-Za-z0-9 _ .-]/', '', $default['de_mobile_type'.$this->type.'_list_skin']);
         } else {
-            $this->list_skin = $list_skin ? $list_skin : G5_SHOP_SKIN_PATH.'/'.$default['de_type'.$this->type.'_list_skin'];
+            $this->list_skin = $list_skin ? $list_skin : G5_SHOP_SKIN_PATH.'/'.preg_replace('/[^A-Za-z0-9 _ .-]/', '', $default['de_type'.$this->type.'_list_skin']);
         }
     }
 
diff --git a/shop/listtype.php b/shop/listtype.php
index 38d146f8b..4b6c11c09 100644
--- a/shop/listtype.php
+++ b/shop/listtype.php
@@ -36,7 +36,7 @@ else
 if (!$skin)
     $skin = $default['de_listtype_list_skin'];
 else
-    $skin = preg_replace('#\.+/#', '', $skin);
+    $skin = preg_replace('#\.+[\\\/]#', '', $skin);
 
 define('G5_SHOP_CSS_URL', G5_SHOP_SKIN_URL);