diff --git a/core/trunk/core/class/class_core_tools.php b/core/trunk/core/class/class_core_tools.php
index 1ff4f40bbb6d044d796e7557b2536266226b63be..c09ed8847e0acacbcfd323f930396d9040e470a1 100644
--- a/core/trunk/core/class/class_core_tools.php
+++ b/core/trunk/core/class/class_core_tools.php
@@ -1355,7 +1355,12 @@ class core_tools extends functions
         }
         // Cleans the page variables and looks if she exists or not before including her
         if(isset($_GET['page']) && !empty($_GET['page'])) {
-            $this->f_page = $this->wash($_GET['page'],"file","","yes");
+            // CVA 31 oct 2014 Security Local File Inclusion
+            $this->f_page = str_replace(
+                array('../', '..%2F'), 
+                array ('', ''), 
+                $this->wash($_GET['page'],"file","","yes")
+                );
         } else {
             $this->loadDefaultPage();
             return true;