diff --git a/upload/engine/core.class.php b/upload/engine/core.class.php
index add3146..61a6d2b 100644
--- a/upload/engine/core.class.php
+++ b/upload/engine/core.class.php
@@ -365,7 +365,7 @@
 * @return Object
 */
 public function load_mode($mode){
- if(!file_exists(MCR_MODE_PATH.$mode.".php")){ $this->title = $this->lng['e_mode_found']; return $this->sp(MCR_THEME_PATH."default_sp/404.html"); }
+ if(!preg_match("/^\w+$/i", $mode) || !file_exists(MCR_MODE_PATH.$mode.".php")){ $this->title = $this->lng['e_mode_found']; return $this->sp(MCR_THEME_PATH."default_sp/404.html"); }
 include_once(MCR_MODE_PATH.$mode.".php");