diff --git a/http_examples.cpp b/http_examples.cpp
index 55fabc5..b441c97 100644
--- a/http_examples.cpp
+++ b/http_examples.cpp
@@ -83,14 +83,10 @@ int main() {
 string path=request->path_match[1];
- //Remove all but the last '.' (so we can't leave the web-directory)
- size_t last_pos=path.rfind(".");
- size_t current_pos=0;
+ //Replace all ".." with "." (so we can't leave the web-directory)
 size_t pos;
- while((pos=path.find('.', current_pos))!=string::npos && pos!=last_pos) {
- current_pos=pos;
+ while((pos=path.find(".."))!=string::npos) {
 path.erase(pos, 1);
- last_pos--;
 }
 filename+=path;
diff --git a/https_examples.cpp b/https_examples.cpp
index c3b405d..5b160cf 100644
--- a/https_examples.cpp
+++ b/https_examples.cpp
@@ -83,14 +83,10 @@ int main() {
 string path=request->path_match[1];
- //Remove all but the last '.' (so we can't leave the web-directory)
- size_t last_pos=path.rfind(".");
- size_t current_pos=0;
+ //Replace all ".." with "." (so we can't leave the web-directory)
 size_t pos;
- while((pos=path.find('.', current_pos))!=string::npos && pos!=last_pos) {
- current_pos=pos;
+ while((pos=path.find(".."))!=string::npos) {
 path.erase(pos, 1);
- last_pos--;
 }
 filename+=path;
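Review bot: The new loop in http_examples.cpp sanitises `path` by rewriting the string (every run of dots collapses to a single dot) rather than checking where the final `filename` resolves, so the guarantee stated in the comment rests on this one textual rule, and a request whose name legitimately contains `..` is silently served as a different file. It would be more robust to reject such a request with an error, or to canonicalise `filename` and confirm it still lies under the web directory before it is opened; the open call is outside this hunk, so whether links inside that directory are followed cannot be judged from here. A smaller point is that `path.find("..")` restarts at index 0 after every erase on a request-controlled string; declaring `size_t pos=0;` and calling `path.find("..", pos)` skips the prefix that is already clean. The hunk in https_examples.cpp is identical and has the same issues, and the duplicated filter would be easier to keep correct as one shared helper. The enclosing `main()` begins and ends outside both hunks.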