diff --git a/index.php b/index.php
index 16db74e..3bf944e 100644
--- a/index.php
+++ b/index.php
@@ -13,12 +13,9 @@ if ( isset($_REQUEST['sortorder']) ) {
 $validext = array('cbr', 'cbz');
 if ( isset($_REQUEST['newpath']) ) {
- $newpath = makepathsafe($_REQUEST['newpath']);
- if ( is_dir(COMICSDIR . $newpath) ) {
- $_SESSION['compath'] = $newpath;
- } else {
- $_SESSION['compath'] = "/";
- }
+ $comicfull = realpath(COMICSDIR . base64_decode(urldecode($_REQUEST['newpath'])));
+ if ( ($comicfull === false) || (substr($comicfull, 0, strlen(COMICSDIR)) != COMICSDIR) ) $_SESSION['compath'] = "/";
+ $_SESSION['compath'] = substr($comicfull, strlen(COMICSDIR));
 }
 $compath = $_SESSION['compath'];
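Review bot: The confinement check on the second added line is ineffective, because the third added line unconditionally overwrites `$_SESSION['compath']` — when `realpath()` returns false or the resolved path lies outside COMICSDIR, the `"/"` fallback is immediately replaced by `substr($comicfull, strlen(COMICSDIR))`, so a path outside the comics root (or an empty string from `substr(false, …)`) still ends up in the session. The assignment must be the `else` branch of that check rather than a separate statement. The prefix comparison should also use `!==` and, unless COMICSDIR is guaranteed to end in a separator, compare against the root plus a trailing `/`, otherwise a sibling directory whose name merely begins with COMICSDIR passes the test. The `is_dir()` test from the removed lines is also gone, so a resolved file path inside COMICSDIR would now be accepted; restoring it preserves the previous behaviour.
```php
    $comicfull = realpath(COMICSDIR . base64_decode(urldecode($_REQUEST['newpath'])));
    $base = rtrim(COMICSDIR, '/') . '/';
    if ( ($comicfull === false) || !is_dir($comicfull)
         || (substr($comicfull . '/', 0, strlen($base)) !== $base) ) {
        $_SESSION['compath'] = "/";
    } else {
        $_SESSION['compath'] = substr($comicfull, strlen(COMICSDIR));
    }
```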