security: Add missing input validation for plugin

This is a security bug. The contents of the file are not
immediately disclosed, but it could disclose environment information
to the attacker (when display_errors=1 and an ancient PHP version
is used that does not check for '\0' in `file_exists()`).

0 files changed, 0 insertions, 0 deletions