diff --git a/boost.api.inc b/boost.api.inc
index 60926c346a43702412aa51d028b13b4d5ddb9579..dae0e947670b4a9da092b7f9e7b6b87f3f342ae9 100644
--- a/boost.api.inc
+++ b/boost.api.inc
@@ -177,12 +177,13 @@ function boost_file_path($path) {
 $path = 'index'; // special handling for Drupal's front page
 }
- // Compose the full file system path to the static file
- $cache_dir = boost_cache_directory();
- $cache_file = implode('/', array($cache_dir, $path)) . BOOST_FILE_EXTENSION;
+ // Convert any undesirable characters in the path to underscores
+ $path = preg_replace('@[^/a-z0-9_-]@i', '_', $path);
- // Security check to make sure the file actually is where it should be
- return file_check_location($cache_file, $cache_dir);
+ // Limit the maximum directory nesting depth of the path
+ $path = implode('/', array_slice(explode('/', $path), 0, BOOST_MAX_PATH_DEPTH));
+
+ return boost_cache_directory() . '/' . $path . BOOST_FILE_EXTENSION;
 }
 /**
diff --git a/boost.module b/boost.module
index c4f72cd5d5f8883964141cb7908ac2ba7d725d53..dee29c48fb32d184eec10ce7aa9dcc851b3b832f 100644
--- a/boost.module
+++ b/boost.module
@@ -15,6 +15,7 @@ define('BOOST_FRONTPAGE', drupal_get_normal_path(variable_get('site_f
 define('BOOST_ENABLED', variable_get('boost', CACHE_DISABLED));
 define('BOOST_FILE_PATH', variable_get('boost_file_path', 'cache'));
 define('BOOST_FILE_EXTENSION', variable_get('boost_file_extension', '.html'));
+define('BOOST_MAX_PATH_DEPTH', 10);
 define('BOOST_CACHEABILITY_OPTION', variable_get('boost_cacheability_option', 0));
 define('BOOST_CACHEABILITY_PAGES', variable_get('boost_cacheability_pages', ''));
 define('BOOST_FETCH_METHOD', variable_get('boost_fetch_method', 'php'));
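Review bot: The added `array_slice` line truncates instead of rejecting, so two distinct request paths that share their first BOOST_MAX_PATH_DEPTH segments now map to the same cache file and whichever page was written last is served for both URLs; the `preg_replace` line introduces the same kind of collision between paths that differ only in a replaced character (`a.b` and `a_b` both become `a_b`). Because `..` becomes `__` the traversal case itself is neutralised, but with `file_check_location()` removed this function is now the only thing tying a cache file to a URL, so the collision should be made visible rather than silent: `$parts = explode('/', $path); if (count($parts) > BOOST_MAX_PATH_DEPTH) { return FALSE; }` before the implode, which presumably matches how callers already treat the old falsy return from `file_check_location()`. The rewritten comments should also state that the returned path is not guaranteed to be unique per URL. The start of `boost_file_path()` lies outside the hunk.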
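Review bot: `BOOST_MAX_PATH_DEPTH` is the only define in this block without a hint of what it bounds, and unlike its neighbours it is a fixed literal rather than a `variable_get()` value, which is a reasonable choice for a safety limit but worth saying explicitly so nobody "fixes" it later; add `// Hard limit on the number of path segments boost_file_path() keeps when building a cache file name; deliberately not site-configurable.` above the define.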