diff --git a/workflow/engine/methods/setup/skin_Ajax.php b/workflow/engine/methods/setup/skin_Ajax.php
index 7978c89b7..e00bc76be 100755
--- a/workflow/engine/methods/setup/skin_Ajax.php
+++ b/workflow/engine/methods/setup/skin_Ajax.php
@@ -6,7 +6,7 @@ if (! isset( $_REQUEST['action'] )) {
     print G::json_encode( $res );
     die();
 }
-if (! function_exists( $_REQUEST['action'] )) {
+if (! function_exists( $_REQUEST['action'] ) || !G::isUserFunction($_REQUEST['action'])) {
     $res['success'] = false;
     $res['error'] = $res['message'] = G::LoadTranslation('ID_REQUEST_ACTION_NOT_EXIST');