diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php
index e406ac3d2..e26f01cef 100755
--- a/gulliver/system/class.g.php
+++ b/gulliver/system/class.g.php
@@ -463,8 +463,11 @@ class G
 * @return void
 */
 public static function LoadSystem ($strClass)
- {
- require_once (PATH_GULLIVER . 'class.' . $strClass . '.php');
+ { require_once (PATH_GULLIVER . 'class.inputfilter.php');
+ $filter = new InputFilter();
+ $path = PATH_GULLIVER . 'class.' . $strClass . '.php';
+ $path = $filter->validateInput($path, 'path');
+ require_once ($path);
 }
 public function LoadSystemExist ($strClass)
diff --git a/workflow/engine/classes/class.pluginRegistry.php b/workflow/engine/classes/class.pluginRegistry.php
index c95d22407..611ae1ed5 100755
--- a/workflow/engine/classes/class.pluginRegistry.php
+++ b/workflow/engine/classes/class.pluginRegistry.php
@@ -489,8 +489,11 @@ class PMPluginRegistry
 if (! file_exists( PATH_PLUGINS . $pluginFile )) {
 throw (new Exception( "File \"$pluginFile\" doesn't exist" ));
 }
-
- require_once (PATH_PLUGINS . $pluginFile);
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $path = PATH_PLUGINS . $pluginFile;
+ //$path = $filter->validateInput($path, 'path');
+ require_once ($path);
 $details = $this->getPluginDetails( $pluginFile );
 $this->installPlugin( $details->sNamespace );
@@ -509,7 +512,11 @@ class PMPluginRegistry
 }
 ///////
- require_once (PATH_PLUGINS . $pluginFile);
+ $path = PATH_PLUGINS . $pluginFile;
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $path = $filter->validateInput($path, 'path');
+ require_once ($path);
 foreach ($this->_aPluginDetails as $namespace => $detail) {
 if ($namespace == $sNamespace) {
diff --git a/workflow/engine/classes/model/AddonsManager.php b/workflow/engine/classes/model/AddonsManager.php
index dd815066b..7eb78f9a9 100644
--- a/workflow/engine/classes/model/AddonsManager.php
+++ b/workflow/engine/classes/model/AddonsManager.php
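Review bot: In `G::LoadSystem` (gulliver/system/class.g.php) the value returned by `$filter->validateInput($path, 'path')` goes straight into `require_once ($path)` with no check, so a rejected path would surface as an include failure rather than a handled error; what the 'path' rule returns on rejection is not visible in this diff. The same unchecked pattern appears in the second class.pluginRegistry.php hunk, in AddonsManager.php and in pluginsChange.php. Constraining `$strClass` before it is concatenated would make the guard independent of that rule, for example `if (!preg_match('/^[A-Za-z0-9_]+\z/', $strClass)) { throw new Exception('Invalid system class name'); }`, assuming system class names never contain other characters. The method also now builds a new `InputFilter` on every call, which is worth a short comment if it is intentional.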
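Review bot: In the first class.pluginRegistry.php hunk the validation call is left commented out (`//$path = $filter->validateInput($path, 'path');`), so `require_once ($path)` includes `PATH_PLUGINS . $pluginFile` guarded only by the preceding `file_exists` check, unlike the other call sites changed in this commit. `G::LoadSystem('inputfilter')` and `new InputFilter()` still run, but `$filter` is never used in the visible lines. Either enable the call or drop the two setup lines and replace the commented-out code with an explanation such as `// path validation skipped here because <reason>`. The enclosing method starts and ends outside the hunk.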
@@ -132,7 +132,11 @@ class AddonsManager extends BaseAddonsManager
 $oPluginRegistry = &PMPluginRegistry::getSingleton();
- require_once (PATH_PLUGINS . $this->getAddonName() . ".php");
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
+ $requiredPath = PATH_PLUGINS . $this->getAddonName() . ".php";
+ $requiredPath = $filter->validateInput($requiredPath, 'path');
+ require_once ($requiredPath);
 if ($enable) {
 //$oDetails = $oPluginRegistry->getPluginDetails($this->getAddonName());
diff --git a/workflow/engine/methods/setup/pluginsChange.php b/workflow/engine/methods/setup/pluginsChange.php
index 8f070a65a..1ba948ccb 100755
--- a/workflow/engine/methods/setup/pluginsChange.php
+++ b/workflow/engine/methods/setup/pluginsChange.php
@@ -29,7 +29,10 @@ $pluginStatus = $_GET['status'];
 $items = array ();
 G::LoadClass( 'plugin' );
 //here we are enabling or disabling the plugin and all related options registered.
-
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$path = PATH_PLUGINS . $pluginFile;
+$path = $filter->validateInput($path, 'path');
 $oPluginRegistry = & PMPluginRegistry::getSingleton();
@@ -69,7 +72,7 @@ if ($handle = opendir( PATH_PLUGINS )) {
 }
 /*----------------------------------********---------------------------------*/
 //print "change to ENABLED";
- require_once(PATH_PLUGINS . $pluginFile);
+ require_once($path);
 $details = $oPluginRegistry->getPluginDetails($pluginFile);
 $oPluginRegistry->enablePlugin($details->sNamespace);
 $oPluginRegistry->setupPlugins(); //get and setup enabled plugins
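Review bot: In the first pluginsChange.php hunk `$path` is built from `$pluginFile`, whose assignment is outside the hunk; the hunk heading shows `$pluginStatus = $_GET['status']`, so `$pluginFile` presumably comes from the request as well. If so, the include target depends entirely on what `validateInput($path, 'path')` accepts, which this diff does not show. Reducing the value to a bare file name before concatenation, e.g. `$path = PATH_PLUGINS . basename($pluginFile);`, would keep the include inside PATH_PLUGINS regardless, assuming plugin entry files sit directly in that directory. The later hunk requires `$path` but still passes the raw `$pluginFile` to `getPluginDetails`, so the two values can diverge if the filter alters the path.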