From 88596a8cd9a9bb053d2d5bebf80c870dff49b639 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Sun, 15 Aug 2021 12:35:28 +0200
Subject: [PATCH] Fix for possible file inclusion vulnerability in i18n.php

Fix for https://github.com/serghey-rodin/vesta/issues/2052
---
 web/inc/i18n.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/inc/i18n.php b/web/inc/i18n.php
index 8b8abf3a3a..9d6c1b7e9e 100644
--- a/web/inc/i18n.php
+++ b/web/inc/i18n.php
@@ -24,7 +24,7 @@ function _translate() {
 
     // Load language file (if not loaded yet)
     if (!isset($LANG[$l])) {
-        require_once($_SERVER['DOCUMENT_ROOT']."/inc/i18n/$l.php");
+        require_once($_SERVER['DOCUMENT_ROOT']."/inc/i18n/".basename($l).".php");
     }
 
     //if (!isset($LANG[$l][$key])) file_put_contents('/somewhere/something.log', "$key\n", FILE_APPEND);