diff --git a/src/php/ajax.php b/src/php/ajax.php
index f82ae64..10af810 100644
--- a/src/php/ajax.php
+++ b/src/php/ajax.php
@@ -11,7 +11,7 @@
 const SHORTINIT = true;
 
 // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash
-$root = isset( $_SERVER['SCRIPT_FILENAME'] ) ? filter_var( $_SERVER['SCRIPT_FILENAME'], FILTER_SANITIZE_STRING ) : '';
+$root = isset( $_SERVER['SCRIPT_FILENAME'] ) ? filter_var( $_SERVER['SCRIPT_FILENAME'], FILTER_SANITIZE_FULL_SPECIAL_CHARS ) : '';
 $root = dirname( $root, 6 );
 
 require $root . '/wp-load.php';