diff --git a/admin/inc/class.uicategories.inc.php b/admin/inc/class.uicategories.inc.php
index 5b5d5da501..bf90166ed8 100644
--- a/admin/inc/class.uicategories.inc.php
+++ b/admin/inc/class.uicategories.inc.php
@@ -314,6 +314,8 @@ function edit() {
+ if (!preg_match('/^(#[0-9a-f]+|[a-z]+)?$/i',$_POST['cat_data']['color'])) unset($_POST['cat_data']['color']);
+ if (!preg_match('/^[-_\.a-z0-9]+\.(png|gif|jpe?g)$/i',$_POST['cat_data']['icon'])) unset($_POST['cat_data']['icon']);
 $new_parent = (int)$_POST['new_parent'];
 $cat_parent = (int)$_POST['cat_parent'];
 $cat_name = $_POST['cat_name'];
diff --git a/preferences/inc/class.uicategories.inc.php b/preferences/inc/class.uicategories.inc.php
index 9151e00689..7643e54696 100644
--- a/preferences/inc/class.uicategories.inc.php
+++ b/preferences/inc/class.uicategories.inc.php
@@ -331,6 +331,8 @@
 'cats_level' => $cats_level,
 'cat_id' => $cat_id
 );
+ if (!preg_match('/^(#[0-9a-f]+|[a-z]+)?$/i',$_POST['cat_data']['color'])) unset($_POST['cat_data']['color']);
+ if (!preg_match('/^[-_\.a-z0-9]+\.(png|gif|jpe?g)$/i',$_POST['cat_data']['icon'])) unset($_POST['cat_data']['icon']);
 $new_parent = $_POST['new_parent'];
 $cat_parent = $_POST['cat_parent'];
 $cat_name = $_POST['cat_name'];
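Review bot: The two lines added at the top of edit() dereference `$_POST['cat_data']['color']` and `$_POST['cat_data']['icon']` unconditionally, so a request that omits `cat_data` or one of the keys raises an undefined-index notice and passes `null` to preg_match, and a request that posts `cat_data` as a scalar hits a string-offset warning or error (version dependent) instead of being rejected — a forged or trimmed form is precisely the input this validation exists for, so it must not assume the keys are present. Guard each check, e.g. `if (isset($_POST['cat_data']['color']) && !preg_match('/^(#[0-9a-f]+|[a-z]+)?$/i', $_POST['cat_data']['color'])) unset($_POST['cat_data']['color']);` and the same shape for `icon`. Both patterns also end in `$` without the `D` modifier, so PCRE accepts one trailing newline (`red\n`, `x.png\n`); anchor with `\z` or add `D` (`/^...$/iD`) if these values later land in a style attribute or a filesystem path. The remainder of edit() is outside the hunk, so I cannot confirm whether an unset key is read unconditionally further down, which would reintroduce the same notice — setting the key to `''` instead of unsetting it may be the safer rejection.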
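Review bot: The two validation lines in this hunk are a byte-for-byte copy of the ones added to admin/inc/class.uicategories.inc.php, and two copies of a security allowlist drift — a future tightening applied to one file leaves the other open — so the checks belong in one shared helper called from both edit paths rather than duplicated inline. The color pattern is looser than CSS needs: `#[0-9a-f]+` accepts any number of hex digits where only 3 or 6 are meaningful, e.g. `'/^(#([0-9a-f]{3}|[0-9a-f]{6})|[a-z]+)?$/iD'` (the `[a-z]+` branch for named colours is harmless, since bare letters cannot break out of an attribute or style value). As in the admin copy, both `$_POST['cat_data'][...]` reads need an `isset()` guard so a missing or non-array `cat_data` is rejected rather than producing notices, and `$` should become `\z` or carry the `D` modifier so a trailing newline does not pass. Visible in the context but pre-existing: this copy assigns `$new_parent` and `$cat_parent` straight from `$_POST` without the `(int)` cast the admin version applies; their later use is outside the hunk (the enclosing function's start is not shown), but aligning the two while touching this code would be cheap.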