diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 25add89f1b..e8984d8ce3 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -5,12 +5,17 @@ if ( isset($_GET['action']) ) {
 if ('activate' == $_GET['action']) {
 check_admin_referer('activate-plugin_' . $_GET['plugin']);
 $current = get_option('active_plugins');
- if (!in_array($_GET['plugin'], $current)) {
- $current[] = trim( $_GET['plugin'] );
+ $plugin = trim($_GET['plugin']);
+ if ( validate_file($plugin) ) wp_die(__('Invalid plugin.'));
+ if ( ! file_exists(ABSPATH . PLUGINDIR . '/' . $plugin) ) wp_die(__('Plugin file does not exist.'));
+ if (!in_array($plugin, $current)) {
+ $current[] = $plugin;
 sort($current);
 update_option('active_plugins', $current);
- include(ABSPATH . PLUGINDIR . '/' . trim( $_GET['plugin'] ));
- do_action('activate_' . trim( $_GET['plugin'] ));
+ include(ABSPATH . PLUGINDIR . '/' . $plugin);
+ do_action('activate_' . $plugin);
 }
 wp_redirect('plugins.php?activate=true');
 } else if ('deactivate' == $_GET['action']) {
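Review bot: The new `file_exists()` guard still accepts a directory name, and an empty value too since `$_GET['plugin']` is read without `isset()`, because `file_exists()` returns true for directories; as far as I know `validate_file()` only rejects `..` segments and drive/absolute prefixes, so a bare directory name passes both new checks, is appended to `active_plugins`, and then reaches `include()`, which emits a warning and loads nothing. Requiring a regular file closes that gap: `if ( ! is_file(ABSPATH . PLUGINDIR . '/' . $plugin) )`. The membership test that follows is also loose; `in_array($plugin, $current, true)` avoids `==` coercion against the stored list. The enclosing `if ( isset($_GET['action']) )` block starts and ends outside the hunk.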