diff --git a/src/sbbs3/filedat.c b/src/sbbs3/filedat.c
index 9403c42c7ad5c19eff9eb86269d6ed8b4f58ba61..f9ffb6015cf59efe5b86e4a4e85ce779f0cec453 100644
--- a/src/sbbs3/filedat.c
+++ b/src/sbbs3/filedat.c
@@ -810,12 +810,6 @@ long extract_files_from_archive(const char* archive, const char* outdir, const c
 		if(filetype != AE_IFREG)
 			continue;
 		char* filename = getfname(pathname);
-		if(allowed_filename_chars != NULL
-			&& *allowed_filename_chars != '\0'
-			&& strspn(filename, allowed_filename_chars) != strlen(filename)) {
-			safe_snprintf(error, maxerrlen, "disallowed filename '%s'", pathname);
-			break;
-		}
 		if(!with_path)
 			pathname = filename;
 		if(file_list != NULL) {
@@ -826,6 +820,12 @@ long extract_files_from_archive(const char* archive, const char* outdir, const c
 			if(file_list[i] == NULL)
 				continue;
 		}
+		if(allowed_filename_chars != NULL
+			&& *allowed_filename_chars != '\0'
+			&& strspn(filename, allowed_filename_chars) != strlen(filename)) {
+			safe_snprintf(error, maxerrlen, "disallowed filename '%s'", pathname);
+			break;
+		}
 		SAFECOPY(fpath, outdir);
 		backslash(fpath);
 		SAFECAT(fpath, pathname);