diff --git a/lib/View.php b/lib/View.php
index 666a03f7..9a83e6e4 100644
--- a/lib/View.php
+++ b/lib/View.php
@@ -12,6 +12,7 @@
 namespace PrivateBin;

 use Exception;
+use GlobIterator;

 /**
 * View
@@ -49,13 +50,21 @@ class View
 */
 public function draw($template)
 {
+ $dir = PATH . 'tpl' . DIRECTORY_SEPARATOR;
 $file = substr($template, 0, 10) === 'bootstrap-' ? 'bootstrap' : $template;
- $path = PATH . 'tpl' . DIRECTORY_SEPARATOR . $file . '.php';
- if (!file_exists($path)) {
+ $path = realpath($dir . $file . '.php');
+ if ($path === false) {
 throw new Exception('Template ' . $template . ' not found!', 80);
 }
- extract($this->_variables);
- include $path;
+ foreach (new GlobIterator($dir . '*.php') as $tplFile) {
+ if ($tplFile->getRealPath() === $path) {
+ $templatesInPath = new GlobIterator(PATH . 'tpl' . DIRECTORY_SEPARATOR . '*.php');
+ extract($this->_variables);
+ include $path;
+ return;
+ }
+ }
+ throw new Exception('Template ' . $file . '.php not found in ' . $dir . '!', 81);
 }

 /**
diff --git a/tst/ViewTest.php b/tst/ViewTest.php
index 26994579..eb34addc 100644
--- a/tst/ViewTest.php
+++ b/tst/ViewTest.php
@@ -142,4 +142,13 @@ class ViewTest extends TestCase
 $this->expectExceptionCode(80);
 $test->draw('123456789 does not exist!');
 }
+
+ public function testInvalidTemplate() {
+ $test = new View;
+ $this->expectException(Exception::class);
+ $this->expectExceptionCode(81);
+ $test->draw('../index');
+ }
+
 }
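Review bot: In `draw()` in lib/View.php, `extract($this->_variables);` still runs after `$path` has been validated and before `include $path;`, so with extract()'s default overwrite behaviour a `path` key in `_variables` would replace the checked value and sidestep the new tpl-directory containment check. Whether any caller can set such a key is not visible in this hunk, but the check is sturdier if the included path cannot be reassigned, e.g. `extract($this->_variables, EXTR_SKIP);`, provided no template relies on a variable that shares a name with one of draw()'s locals. The added `$templatesInPath = new GlobIterator(PATH . 'tpl' . DIRECTORY_SEPARATOR . '*.php');` is never read, repeats the expression already held in `$dir`, and puts one more local into the template's scope; it looks like a leftover and could be dropped. The code-81 message also embeds `$dir`, so if exception messages are shown to clients it would disclose the server's install path.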
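Review bot: `testInvalidTemplate()` in tst/ViewTest.php reaches code 81 only if `'../index'` resolves to a file that exists above `tpl` (presumably the project's own `index.php` under `PATH`); if it does not, `realpath()` fails first and `draw()` throws code 80 instead. That dependency is worth a comment on the call, such as `// '../index' is an existing file outside tpl/, so the containment check (81) must fire, not the missing-file check (80)`. The enclosing `ViewTest` class begins outside this hunk.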