diff --git a/index.php b/index.php
index 1d72e79..a26ba60 100644
--- a/index.php
+++ b/index.php
@@ -66,6 +66,8 @@ if (! isset($_SERVER["PATH_INFO"])) {
 $shortPath = $_SERVER["PATH_INFO"];
 if ($shortPath == '/') $shortPath = '';
+// extra security check to avoid /photos/index/../.. like urls, maybe useless but..
+if (strpos($shortPath, '..') !== false) die(".. found in url");
 $folders = array();
 $imageFiles = array();
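Review bot: The added `strpos($shortPath, '..') !== false` check is a substring blacklist: it rejects any legitimate folder or file name that merely contains `..`, and it still leaves the real guarantee to whatever later code joins `$shortPath` onto the image directory (outside this hunk). The robust guard belongs at that join point: canonicalise the joined path with `realpath()` and reject it unless it starts with the canonical base directory, keeping this check only as defence in depth. The `die(".. found in url")` on the same line also answers with a 200 status, so clients and access logs record the rejection as a successful page; set an error status first, e.g. `if (strpos($shortPath, '..') !== false) { http_response_code(400); die('invalid path'); }`. Since `PATH_INFO` is normally already URL-decoded by the server, percent-encoded variants are caught by this check, but that assumption is worth stating, so the hedged comment `maybe useless but..` should be replaced with one that records the intent, e.g. `// defence in depth: reject any '..' segment in PATH_INFO before it is joined onto the image directory`.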