diff --git a/prototype/src/main/java/org/hso/ecommerce/controller/shop/ShopArticleController.java b/prototype/src/main/java/org/hso/ecommerce/controller/shop/ShopArticleController.java
index bca16ab..b1df109 100644
--- a/prototype/src/main/java/org/hso/ecommerce/controller/shop/ShopArticleController.java
+++ b/prototype/src/main/java/org/hso/ecommerce/controller/shop/ShopArticleController.java
@@ -101,10 +101,12 @@ public class ShopArticleController {
             @PathVariable("id") Long id
     ) throws IOException {
         Article article = articleRepository.findArticleById(id);
-
+
         if(article.image != null) {
             File file = new File(article.image.path);
-            if (file.getCanonicalPath().startsWith("./data/img/")) {
+            File allowedPath = new File("./data/img/");
+
+            if (file.getCanonicalPath().startsWith(allowedPath.getCanonicalPath())) {
                 InputStream in = new FileInputStream(file);
                 response.setContentType(MediaType.IMAGE_JPEG_VALUE);
                 IOUtils.copy(in, response.getOutputStream());
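Review bot: The new containment check on the `+ if (file.getCanonicalPath().startsWith(allowedPath.getCanonicalPath()))` line is a character-level prefix match against a directory path that `getCanonicalPath()` returns without a trailing separator, so a stored `article.image.path` resolving to a sibling such as `data/img2/x.jpg` or `data/img-old/x.jpg` would also pass. Either terminate the base prefix, `if (file.getCanonicalPath().startsWith(allowedPath.getCanonicalPath() + File.separator)) {`, or compare path components with `file.toPath().toRealPath().startsWith(allowedPath.toPath().toRealPath())`, which does not have this problem. Separately, the `InputStream in = new FileInputStream(file)` on the context line below is not closed anywhere in the hunk; unless the rest of the method closes it, wrapping the copy in try-with-resources would avoid leaking a file handle per request. The enclosing handler method starts before the hunk and continues after it, so the close may well be there; please confirm.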