diff --git a/src/Site/SiteStorage.py b/src/Site/SiteStorage.py
index 4d08908e..843d9125 100644
--- a/src/Site/SiteStorage.py
+++ b/src/Site/SiteStorage.py
@@ -358,7 +358,7 @@ class SiteStorage(object):
 if not inner_path:
 return self.directory
- if ".." in inner_path:
+ if "../" in inner_path:
 raise Exception(u"File not allowed: %s" % inner_path)
 return u"%s/%s" % (self.directory, inner_path)
diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py
index 604dea5f..4b60b981 100644
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@@ -441,7 +441,7 @@ class UiRequest(object):
 if path.endswith("/"):
 path = path + "index.html"
- if ".." in path or "./" in path:
+ if "../" in path or "./" in path:
 raise SecurityError("Invalid path")
 match = re.match("/media/(?P
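Review bot: The narrowed test `"../" in inner_path` in the SiteStorage hunk still lets a bare `..` through — `inner_path == ".."` contains no slash, so the method returns `u"%s/%s" % (self.directory, "..")`, the parent of the site directory, and the same substring test cannot see a `..\` component on a platform that honours the backslash separator (presumably relevant if this runs on Windows). Testing path components instead of substrings keeps the apparent intent of allowing names such as `foo..bar` while closing both gaps: `if ".." in inner_path.replace("\\", "/").split("/"):` followed by the existing `raise Exception(u"File not allowed: %s" % inner_path)`. The UiRequest hunk below has the same trailing-`..` gap, and there `"../" in path` is already implied by `"./" in path`, so the new condition adds nothing on its own. The enclosing method's signature lies outside this hunk, so the parameter's expected form is inferred from its use here.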
[A-Za-z0-9]+[A-Za-z0-9\._-]+)(?P