diff --git a/image.php b/image.php
index 367ca6e3..850bf8f6 100644
--- a/image.php
+++ b/image.php
@@ -414,7 +414,7 @@ function captcha($font,$size=24,$len=5,
 		}
 		$fw=Base::instance();
 		foreach ($fw->split($path?:$fw->UI.';./') as $dir)
-			if (is_file($path=$dir.$font)) {
+			if (is_file($path=realpath($dir.$font))) {
 				$seed=strtoupper(substr(
 					$ssl?bin2hex(openssl_random_pseudo_bytes($len)):uniqid(),
 					-$len));