diff --git a/tools/picture-upload.pl b/tools/picture-upload.pl
index 2383fba885..4d6597fdee 100755
--- a/tools/picture-upload.pl
+++ b/tools/picture-upload.pl
@@ -89,6 +89,7 @@ if ( ( $op eq 'cud-Upload' ) && ($uploadfile || $uploadfiletext) ) {
 
     my $dirname = File::Temp::tempdir( CLEANUP => 1 );
     my $filesuffix;
+    $uploadfilename =~ s/[^A-Za-z0-9\-\.]//g;
     if ( $uploadfilename =~ m/(\..+)$/i ) {
         $filesuffix = $1;
     }