diff --git a/modules/module/module.model.php b/modules/module/module.model.php
index a6c91bed9..5e0543e72 100644
--- a/modules/module/module.model.php
+++ b/modules/module/module.model.php
@@ -957,8 +957,16 @@ class moduleModel extends module {
 // Read xml file having skin information
 if(substr($path,-1)!='/') $path .= '/';
+ if(!preg_match('/^[a-zA-Z0-9_-]+$/', $skin))
+ {
+ return;
+ }
 $skin_xml_file = sprintf("%s%s/%s/skin.xml", $path, $dir, $skin);
- if(!file_exists($skin_xml_file)) return;
+ if(!file_exists($skin_xml_file))
+ {
+ return;
+ }
+
 // Create XmlParser object
 $oXmlParser = new XeXmlParser();
 $_xml_obj = $oXmlParser->loadXmlFile($skin_xml_file);