diff --git a/bundles/AdminBundle/Controller/Searchadmin/SearchController.php b/bundles/AdminBundle/Controller/Searchadmin/SearchController.php
index 5d7c7da863c..a5405cf9dc5 100644
--- a/bundles/AdminBundle/Controller/Searchadmin/SearchController.php
+++ b/bundles/AdminBundle/Controller/Searchadmin/SearchController.php
@@ -77,9 +77,9 @@ public function findAction(Request $request, EventDispatcherInterface $eventDisp
         $query = $this->filterQueryParam($allParams['query'] ?? '');
 
-        $types = explode(',', $allParams['type'] ?? '');
-        $subtypes = explode(',', $allParams['subtype'] ?? '');
-        $classnames = explode(',', $allParams['class'] ?? '');
+        $types = explode(',', preg_replace("/[^a-z,]/i", '', $allParams['type'] ?? ''));
+        $subtypes = explode(',', preg_replace("/[^a-z,]/i", '', $allParams['subtype'] ?? ''));
+        $classnames = explode(',', preg_replace("/[^a-z0-9_,]/i", '', $allParams['class'] ?? ''));
 
         $offset = (int)$allParams['start'];
         $limit = (int)$allParams['limit'];
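Review bot: The three added `preg_replace` calls sanitize by deleting disallowed characters instead of rejecting the token, so a tampered value such as `type=docu'ment` is silently rewritten to `document` and an unknown value can be coerced into a valid one rather than being refused; tampering also leaves no trace in logs. The fixed character classes suggest these strings are interpolated into SQL further down in findAction (that code is outside the hunk), in which case the durable fix is to quote or bind them at the query-building site and to validate whole tokens here against the known type/subtype/class names rather than stripping bytes, e.g. `$types = array_filter(explode(',', $allParams['type'] ?? ''), static fn (string $t): bool => preg_match('/^[a-z]+$/i', $t) === 1);` (note this also drops the empty token the current code produces for an absent parameter, so downstream handling of `['']` would need checking). Minor: `preg_replace` returns null on a PCRE error, and `explode(',', null)` is deprecated from PHP 8.1, so coalescing with `?? ''` after the call keeps the expression total. A short comment above the block naming the downstream consumer these allow-lists protect, e.g. `// restrict to identifier characters: values are used verbatim in the search query below`, would stop a future maintainer from loosening the patterns. The enclosing findAction continues past the end of the hunk.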