diff --git a/app/coffee/RequestParser.coffee b/app/coffee/RequestParser.coffee
index 93c843d..d9a2e9b 100644
--- a/app/coffee/RequestParser.coffee
+++ b/app/coffee/RequestParser.coffee
@@ -75,4 +75,5 @@ module.exports = RequestParser =
 return attribute

 _sanitizePath: (path) ->
- path.replace(/[^a-zA-Z0-9_\-;.,\/ ]/g, "")
\ No newline at end of file
+ # See http://php.net/manual/en/function.escapeshellcmd.php
+ path.replace(/[\#\&\;\`\|\*\?\~\<\>\^\(\)\[\]\{\}\$\\\,\x0A\xFF]/g, "")
\ No newline at end of file
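Review bot: The new `_sanitizePath` regex is a denylist, and it leaves in single and double quotes (which the referenced escapeshellcmd does handle) as well as NUL, carriage return and `..` segments, so the result is not safe to interpolate into a shell string or to join onto a base directory without a further check. Whether the path reaches a shell is not visible in this hunk; if it does, pass it as an element of an argument array with no shell involved, and keep the previous allowlist, widened only by the characters that motivated this change. Also, `\xFF` in a JavaScript regex matches U+00FF (`ÿ`) rather than a raw 0xFF byte, so legitimate file names lose that letter. At minimum, add a comment above the replace such as `# Strips shell metacharacters only; does not quote the path or block "..", so never pass the result through a shell`.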