diff --git a/wp-admin/templates.php b/wp-admin/templates.php
index 41a4ba8463..499588b92c 100644
--- a/wp-admin/templates.php
+++ b/wp-admin/templates.php
@@ -83,6 +83,7 @@ default:
 $file = '.' . $file;
 $file = stripslashes($file);
+ $file = str_replace('../', '', $file);
 $file = '../' . $file;
 if (!is_file($file))