diff --git a/src/BackpackElfinderController.php b/src/BackpackElfinderController.php
index 35dc848..cbac9ad 100644
--- a/src/BackpackElfinderController.php
+++ b/src/BackpackElfinderController.php
@@ -11,6 +11,11 @@
 public function showPopup($input_id)
 {
 $mimes = request('mimes');
+ if (! isset($mimes)) {
+ Log::error('Someone attempted to tamper with mime types in elfinder popup. The attempt was blocked.');
+ abort(403, 'Unauthorized action.');
+ }
+
 try {
 $mimes = Crypt::decrypt(urldecode(request('mimes')));
 } catch (\Illuminate\Contracts\Encryption\DecryptException $e) {
@@ -18,7 +23,11 @@ public function showPopup($input_id)
 abort(403, 'Unauthorized action.');
 }
 
- request()->merge(['mimes' => urlencode(serialize($mimes))]);
+ if (! empty($mimes)) {
+ request()->merge(['mimes' => urlencode(serialize($mimes))]);
+ } else {
+ request()->merge(['mimes' => '']);
+ }
 
 return $this->app['view']
 ->make($this->package.'::standalonepopup')
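Review bot: The Log::error inside the new `isset` guard reports a blocked tampering attempt, but the condition it sits under only fires when the `mimes` parameter is absent from the request, so every caller that opens the popup without it is recorded as an attacker at error level. Keep the tampering wording for the DecryptException branch (its body lies between the two hunks), where a failed decrypt is the actual signal of a modified value, and log the missing-parameter case for what it is, e.g. `Log::warning('elfinder popup requested without a mimes parameter; request rejected.');`. Since `$mimes` is now guarded, the decrypt on the following context line can also use it directly, `$mimes = Crypt::decrypt(urldecode($mimes));`, instead of reading request('mimes') a second time. showPopup's body continues past the end of this hunk.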
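Review bot: The `! empty($mimes)` test in the new branch maps a decrypted value of `0`, `'0'` or `''` to an empty string as well, which is wider than the null/empty-array case the else branch seems intended for; if only those two should collapse to `''`, `if ($mimes !== null && $mimes !== [])` is the tighter condition. The two branches differ only in the merged value, so a single call reads more clearly and keeps the commit's semantics: `request()->merge(['mimes' => empty($mimes) ? '' : urlencode(serialize($mimes))]);`. Whatever later reads `request('mimes')` now receives `''` instead of a serialized empty array for the empty case; that consumer is not in this diff, so it is worth confirming it handles the empty string. showPopup's return chain continues past the end of this hunk.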