diff --git a/wp-includes/theme.php b/wp-includes/theme.php
index 6376075f1..2ed733582 100644
--- a/wp-includes/theme.php
+++ b/wp-includes/theme.php
@@ -486,12 +486,17 @@ function preview_theme() {
 	if ( !current_user_can( 'switch_themes' ) )
 		return;
-	$_GET[template] = preg_replace('|[^a-z0-9_-]|i', '', $_GET[template]);
+	$_GET[template] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET[template]);
+
+	if ( validate_file($_GET[template]) )
+		return;
 	add_filter('template', create_function('', "return '$_GET[template]';") );
 	if ( isset($_GET['stylesheet']) ) {
-		$_GET[stylesheet] = preg_replace('|[^a-z0-9_-]|i', '', $_GET[stylesheet]);
+		$_GET[stylesheet] = preg_replace('|[^a-z0-9_.-]|i', '', $_GET[stylesheet]);
+		if ( validate_file($_GET[stylesheet]) )
+			return;
 		add_filter('stylesheet', create_function('', "return '$_GET[stylesheet]';") );
 	}