diff --git a/libraries/src/Form/Rule/FilePathRule.php b/libraries/src/Form/Rule/FilePathRule.php
index 636d7fab306bf..8452acd00cefb 100644
--- a/libraries/src/Form/Rule/FilePathRule.php
+++ b/libraries/src/Form/Rule/FilePathRule.php
@@ -49,17 +49,16 @@ public function test(\SimpleXMLElement $element, $value, $group = null, Registry
 return true;
 }
 
- // Make sure $value starts with an a-z/A-Z character in order to not allow to break out of the current path
- if (!preg_match("/^[A-Za-z]*$/", substr($value, 0, 1)))
- {
- return false;
- }
-
- // Check the exclude setting from the xml
+ // Get the exclude setting from the xml
 $exclude = (array) explode('|', (string) $element['exclude']);
- $path = explode('/', $value);
- if (!empty($exclude) && (in_array(strtolower($path[0]), $exclude) || empty($path[0])))
+ // Exclude current folder '.' to be safe from full path disclosure
+ $exclude[] = '.';
+
+ // Check the exclude setting
+ $path = preg_split('/[\/\\\\]/', $value);
+
+ if (in_array(strtolower($path[0]), $exclude) || empty($path[0]))
 {
 return false;
 }
@@ -67,6 +66,7 @@ public function test(\SimpleXMLElement $element, $value, $group = null, Registry
 // Prepend the root path
 $value = JPATH_ROOT . '/' . $value;
 
+ // Check if $value is a valid path, which includes not allowing to break out of the current path
 try
 {
 Path::check($value);
diff --git a/tests/unit/suites/libraries/cms/form/rule/FilePathRuleTest.php b/tests/unit/suites/libraries/cms/form/rule/FilePathRuleTest.php
index 3ed8726172165..3f45e53b025db 100644
--- a/tests/unit/suites/libraries/cms/form/rule/FilePathRuleTest.php
+++ b/tests/unit/suites/libraries/cms/form/rule/FilePathRuleTest.php
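Review bot: `empty($path[0])` in the new condition rejects a first segment of `'0'` (PHP's empty() treats the string '0' as empty), so a top-level folder literally named 0 fails validation while the test table now accepts `'1'`; the exclude comparison is also one-sidedly case-insensitive, since `$path[0]` is lowercased but the entries taken from `$element['exclude']` are not, and `in_array` runs without strict mode. Suggest `if ($path[0] === '' || in_array(strtolower($path[0]), array_map('strtolower', $exclude), true))`. With the a-z/A-Z prefix check removed, rejection of `..` segments and of breaking out of the root now rests entirely on `Path::check()` in the following hunk, so the comment above `$path = preg_split(...)` should say that this block only filters the first path segment against the exclude list. The `test()` method starts before and ends after this hunk.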
@@ -36,11 +36,12 @@ public function dataTestPaths()
 size="50"
 default="images"
 validate="filePath"
+ exclude="administrator|media"
 />');
 
 return array(
 array(true, $xml, ''),
- array(false, $xml, '.images'),
+ array(true, $xml, '.images'),
 array(false, $xml, './images'),
 array(false, $xml, '.\images'),
 array(false, $xml, '../images'),
@@ -52,16 +53,18 @@ public function dataTestPaths()
 array(false, $xml, '/media'),
 array(false, $xml, '/administrator'),
 array(false, $xml, '/4711images'),
- array(false, $xml, '4711images'),
- array(false, $xml, '1'),
- array(false, $xml, '_'),
- array(false, $xml, '*'),
- array(false, $xml, '%'),
- array(false, $xml, '://foo'),
+ array(false, $xml, 'media'),
+ array(false, $xml, 'administrator'),
+ array(true, $xml, '4711images'),
+ array(true, $xml, '1'),
+ array(true, $xml, '_'),
+ array(true, $xml, '*'),
+ array(true, $xml, '%'),
+ array(true, $xml, '://foo'),
 array(false, $xml, '/4711i/images'),
 array(false, $xml, '../4711i/images'),
- array(false, $xml, 'Εικόνες'),
- array(false, $xml, 'Изображений'),
+ array(true, $xml, 'Εικόνες'),
+ array(true, $xml, 'Изображений'),
 );
 }
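Review bot: The rewritten table flips `'1'`, `'_'` and `'*'` to true but never exercises `'0'`, which the rule's `empty($path[0])` check still rejects, nor an excluded name in a different case such as `'Media'`, nor a backslash-separated path such as `'administrator\images'`, which is exactly what the rule's new `preg_split('/[\/\\\\]/', ...)` is meant to catch. Rows like `array(true, $xml, '0'),`, `array(false, $xml, 'Media'),` and `array(false, $xml, 'administrator\images'),` would pin the behaviour the rule change targets; the `'0'` expectation has to be settled together with the rule, since as written it evaluates to false. A bare `array(false, $xml, '.'),` would also cover the newly appended `'.'` exclusion directly rather than only via `'./images'`.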