diff --git a/core/document.cpp b/core/document.cpp
index bc0232a..a2c8b46 100644
--- a/core/document.cpp
+++ b/core/document.cpp
@@ -3826,6 +3826,18 @@ bool Document::openDocumentArchive( const QString & docFile, const KUrl & url )
return false;
const KArchiveDirectory * mainDir = okularArchive.directory();
+
+ // Check the archive doesn't have folders, we don't create them when saving the archive
+ // and folders mean paths and paths mean path traversal issues
+ foreach ( const QString &entry, mainDir->entries() )
+ {
+ if ( mainDir->entry( entry )->isDirectory() )
+ kWarning(OkularDebug) << "Warning: Found a directory inside" << docFile << " - Okular does not create files like that so it is most probably forged.";
+ return false;
+ }
const KArchiveEntry * mainEntry = mainDir->entry( "content.xml" );
if ( !mainEntry || !mainEntry->isFile() )