Index: wp-admin/includes/theme.php
===================================================================
--- wp-admin/includes/theme.php	(revision 12234)
+++ wp-admin/includes/theme.php	(working copy)
@@ -131,6 +131,12 @@
 
 	if ( is_array( $templates ) ) {
 		foreach ( $templates as $template ) {
+			$basename = str_replace(array(trailingslashit(get_template_directory()), trailingslashit(get_stylesheet_directory())), '', $template);
+
+			// don't allow template files in subdirectories
+			if ( false !== strpos($basename, '/') )
+				continue;
+
 			$template_data = implode( '', file( $template ));
 
 			$name = '';
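Review bot: The subdirectory guard on the added `strpos($basename, '/')` line only recognises a forward slash, so on a host where the theme paths are built with backslashes a template in a subdirectory would still pass and its directory component would then be stored as the key's value in the second hunk. If such paths are possible here, the check should cover both separators, e.g. `if ( false !== strpos($basename, '/') || false !== strpos($basename, '\\') )`. A second consequence worth a comment: when `$template` is not under either directory the `str_replace` leaves the full path intact, which contains a slash and is therefore silently skipped — presumably the intended fail-closed behaviour, but a line such as `// a path outside both theme directories keeps its slashes and is skipped too` would make that deliberate. The enclosing function starts before this hunk.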
@@ -138,7 +144,7 @@
 				$name = _cleanup_header_comment($name[1]);
 
 			if ( !empty( $name ) ) {
-				$page_templates[trim( $name )] = basename( $template ); ;
+				$page_templates[trim( $name )] = $basename;
 			}
 		}
 	}
