From c248521f502c74c6cea7b0d221639d4aa752d5db Mon Sep 17 00:00:00 2001
From: Taylor Otwell <taylorotwell@gmail.com>
Date: Wed, 8 Apr 2020 10:50:25 -0500
Subject: [PATCH] prevent insecure characters in locale

---
 src/Illuminate/Translation/Translator.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/Illuminate/Translation/Translator.php b/src/Illuminate/Translation/Translator.php
index cdf7b8340502..cc34905d832b 100755
--- a/src/Illuminate/Translation/Translator.php
+++ b/src/Illuminate/Translation/Translator.php
@@ -10,6 +10,7 @@
 use Illuminate\Support\NamespacedItemResolver;
 use Illuminate\Support\Str;
 use Illuminate\Support\Traits\Macroable;
+use InvalidArgumentException;
 
 class Translator extends NamespacedItemResolver implements TranslatorContract
 {
@@ -406,6 +407,10 @@ public function getLocale()
      */
     public function setLocale($locale)
     {
+        if (Str::contains($locale, ['.', '/', '\\'])) {
+            throw new InvalidArgumentException('Invalid characters present in locale.');
+        }
+
         $this->locale = $locale;
     }