diff --git a/api/anon_images.php b/api/anon_images.php index 5c5dc08592..2b0860e706 100644 --- a/api/anon_images.php +++ b/api/anon_images.php @@ -25,7 +25,7 @@ $path = $GLOBALS['egw_info']['server']['files_dir'].'/anon-images'; if (!file_exists($path) || empty($_GET['src']) || basename($_GET['src']) !== $_GET['src'] || // make sure no directory traversal - !preg_match('/^[a-z0-9._-]+\.(jpe?g|png|gif|svg)$/i', $_GET['src']) || // only allow images, not eg. Javascript! + !preg_match('/^[a-z 0-9._-]+\.(jpe?g|png|gif|svg)$/i', $_GET['src']) || // only allow images, not eg. Javascript! !file_exists($path .= '/'.$_GET['src']) || !($fp = fopen($path, 'r'))) {
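Review bot: The widened filename pattern on the new `preg_match` line still ends in a bare `$`, which in PCRE also matches just before a trailing newline, so a `src` value ending in `\n` passes both this check and the `basename()` comparison and is only stopped by the later `file_exists()`. Since the character class is being touched anyway, I would anchor it strictly and move the space to a less easily overlooked position: `!preg_match('/^[a-z0-9 ._-]+\.(jpe?g|png|gif|svg)$/iD', $_GET['src']) ||`. The trailing comment says the pattern keeps out Javascript, but `svg` is on the allow-list and SVG files can carry script; whether the response adds a restrictive `Content-Security-Policy` or `X-Content-Type-Options: nosniff` is not visible in this hunk, so that is worth confirming where the file is streamed. A short comment explaining why spaces are now accepted would also help the next reader. The `if` condition starts and ends outside the lines changed here, so the rest of the handling could not be checked.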