From 6fdfef4e88162ca721a93df799636984e2ce37b9 Mon Sep 17 00:00:00 2001
From: Anton Reutov <a.reutov@outlook.com>
Date: Mon, 16 Aug 2021 12:36:08 +0300
Subject: [PATCH] Fix for possible file inclusion vulnerability in i18n.php

---
 web/inc/i18n.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/inc/i18n.php b/web/inc/i18n.php
index 8b8abf3a3..9d6c1b7e9 100644
--- a/web/inc/i18n.php
+++ b/web/inc/i18n.php
@@ -24,7 +24,7 @@ function _translate() {
 
     // Load language file (if not loaded yet)
     if (!isset($LANG[$l])) {
-        require_once($_SERVER['DOCUMENT_ROOT']."/inc/i18n/$l.php");
+        require_once($_SERVER['DOCUMENT_ROOT']."/inc/i18n/".basename($l).".php");
     }
 
     //if (!isset($LANG[$l][$key])) file_put_contents('/somewhere/something.log', "$key\n", FILE_APPEND);