diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index cc09c7503c..dbbd5ce79b 100644
--- a/wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -43,6 +43,9 @@ function get_real_file_to_edit( $file ) {
 }
 function validate_file( $file, $allowed_files = '' ) {
+ if ( false !== strpos( $file, '..' ))
+ return 1;
+
 if ( false !== strpos( $file, './' ))
 return 1;