diff --git a/Entity/UploadedFile.php b/Entity/UploadedFile.php
index 223c2b483161d34aea2f981adab34e6805194bf6..70b0e05172486c5353305a91c8474942668c1ccd 100644
--- a/Entity/UploadedFile.php
+++ b/Entity/UploadedFile.php
@@ -151,7 +151,10 @@ class UploadedFile
      */
     public function setPath($path)
     {
-        $this->path = $path;
+        if(!static::isSafePath($path)) {
+            throw new InvalidArgumentException("Unsafe path: $path");
+        }
+        $this->path = trim($path, '/');
 
         return $this;
     }
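Review bot: The added `throw` in setPath names `InvalidArgumentException` without a leading backslash; if this file declares a namespace and has no `use InvalidArgumentException;` (neither is visible in the hunk), PHP resolves the name inside the entity's namespace and the rejection path raises a class-not-found `Error` instead of the intended exception. Writing `throw new \InvalidArgumentException(...)` removes the dependency on an import. The message also interpolates the rejected `$path` verbatim, so whatever logs or renders the exception receives caller-controlled text; a fixed message, or escaping at the sink, is safer. The stored value is only trimmed, so any `.` and `..` segments that passed the check remain unresolved in `$this->path`.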
@@ -495,4 +498,30 @@ class UploadedFile
     {
         return fwrite($filehandle, $maxlen);
     }
+
+    /** Vérifie si
+     *
+     * @param string $path
+     * @return boolean
+     */
+    public static function isSafePath($path)
+    {
+        $parts = explode('/', trim($path, '/'));
+        $level = 0;
+        foreach($parts as $part) {
+            switch($part) {
+                case '.':
+                    break;
+                case '..':
+                    $level--;
+                    if($level < 0) {
+                        return false;
+                    }
+                    break;
+                default:
+                    $level++;
+            }
+        }
+        return true;
+    }
 }
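Review bot: Empty segments are counted as a directory level in the `default:` branch of isSafePath, so a path with a doubled slash such as `a//../..` returns true even though a filesystem collapses `//` and resolves it above the base directory. Treating the empty string like `.` closes this: `case '':` placed directly above `case '.':` so both fall through to the same `break;`. The split is on `/` only, so a backslash-separated `..` sequence is seen as one ordinary segment; if these paths can reach a Windows filesystem, that needs rejecting or normalising as well. The docblock summary stops at "Vérifie si" and should state the contract, for example `Checks that $path, taken relative to its base directory, never climbs above it.`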