diff --git a/api/anon_images.php b/api/anon_images.php
index 04d76d5e30..a523ee9585 100644
--- a/api/anon_images.php
+++ b/api/anon_images.php
@@ -31,7 +31,7 @@ function send_image()
 if (!file_exists($path) || empty($_GET['src']) || basename($_GET['src']) !== $_GET['src'] || // make sure no directory traversal
- !preg_match('/^[a-z 0-9._-]+\.(jpe?g|png|gif|svg|ico|woff2)$/i', $_GET['src']) || // only allow images, not eg. Javascript!
+ !preg_match('/^[^\/]+\.(jpe?g|png|gif|svg|ico|woff2)$/i', $_GET['src']) || // only allow images, not eg. Javascript!
 !file_exists($path .= '/' . $_GET['src']) || !($fp = fopen($path, 'r'))) {
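Review bot: The replacement character class `[^\/]+` turns the file-name allowlist into a denylist of a single character, so backslashes, whitespace, control and NUL bytes now pass the regex, and because the pattern lacks the `D` modifier, `$` also matches before a trailing newline; the remaining protection is only the `basename()` comparison and the `file_exists()` lookup on the next line. That is probably still safe on a POSIX filesystem, but it means the comment "only allow images" no longer describes what the check enforces, and any later relaxation of the `basename()` test would expose it directly. If the intent is to accept non-ASCII names (inferred, not visible in the hunk), keep it an allowlist instead: `!preg_match('/^[\p{L}\p{N} ._-]+\.(jpe?g|png|gif|svg|ico|woff2)$/iuD', $_GET['src']) || // only allow images, not eg. Javascript!`. The enclosing `if` and `send_image()` continue outside the hunk.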