diff --git a/src/routes/plugins.js b/src/routes/plugins.js
index 72af49fbed..3f868bbc62 100644
--- a/src/routes/plugins.js
+++ b/src/routes/plugins.js
@@ -1,41 +1,31 @@
 "use strict";
-var _ = require('underscore'),
- nconf = require('nconf'),
- path = require('path'),
- fs = require('fs'),
- validator = require('validator'),
- async = require('async'),
- winston = require('winston'),
-
- plugins = require('../plugins'),
- helpers = require('../controllers/helpers');
+var _ = require('underscore');
+var path = require('path');
+var plugins = require('../plugins');
 module.exports = function(app, middleware, controllers) {
 // Static Assets
 app.get('/plugins/:id/*', middleware.addExpiresHeaders, function(req, res, next) {
- var relPath = req._parsedUrl.pathname.replace('/plugins/', ''),
- matches = _.map(plugins.staticDirs, function(realPath, mappedPath) {
- if (relPath.match(mappedPath)) {
- return mappedPath;
- } else {
- return null;
+
+ var relPath = req._parsedUrl.pathname.replace('/plugins/', '');
+
+ var matches = _.map(plugins.staticDirs, function(realPath, mappedPath) {
+ if (relPath.match(mappedPath)) {
+ var pathToFile = path.join(plugins.staticDirs[mappedPath], decodeURIComponent(relPath.slice(mappedPath.length)));
+ if (pathToFile.startsWith(plugins.staticDirs[mappedPath])) {
+ return pathToFile;
 }
- }).filter(Boolean);
+ }
- if (!matches) {
+ return null;
+ }).filter(Boolean);
+
+ if (!matches || !matches.length) {
 return next();
 }
- matches = matches.map(function(mappedPath) {
- return path.join(plugins.staticDirs[mappedPath], decodeURIComponent(relPath.slice(mappedPath.length)));
- });
-
- if (matches.length) {
- res.sendFile(matches[0]);
- } else {
- next();
- }
+ res.sendFile(matches[0]);
 });
-};
+};
\ No newline at end of file
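Review bot: The containment check on the new `pathToFile.startsWith(plugins.staticDirs[mappedPath])` line compares against the bare directory string, so after `path.join` has normalised the joined path a location in a sibling directory whose name merely extends the base prefix still passes; anchor the prefix with a separator, `pathToFile.startsWith(path.join(plugins.staticDirs[mappedPath], path.sep))`, or resolve the base first and compare against `base + path.sep`. On the same line `decodeURIComponent` throws a URIError on malformed percent-encoding, and that synchronous throw goes to Express's error handler rather than to `next()`, so a request that should be a plain 404 becomes a 500; catching it and returning null keeps the route's existing not-found behaviour. The `!matches` half of the added guard is dead because `.filter(Boolean)` always yields an array, so `if (!matches.length)` reads more honestly. Express's `res.sendFile(file, { root: dir })` performs this containment check itself and would be the shorter route; the rewrite below instead keeps the hand-rolled form the hunk chose, with the two fixes applied to the map callback.
```javascript
var matches = _.map(plugins.staticDirs, function(realPath, mappedPath) {
	if (!relPath.match(mappedPath)) {
		return null;
	}
	// resolve once so the prefix comparison below is against a normalised, separator-free base
	var base = path.resolve(plugins.staticDirs[mappedPath]);
	var decoded;
	try {
		decoded = decodeURIComponent(relPath.slice(mappedPath.length));
	} catch (err) {
		return null; // malformed percent-encoding: treat as not found, not as a server error
	}
	var pathToFile = path.join(base, decoded);
	// require a true descendant of base; a sibling that only shares the name prefix must not pass
	return pathToFile.startsWith(base + path.sep) ? pathToFile : null;
}).filter(Boolean);
// … unchanged: empty-match guard and res.sendFile(matches[0]) …
```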