diff --git a/bl-kernel/abstract/plugin.class.php b/bl-kernel/abstract/plugin.class.php
index 1e726a45..ad300fd5 100644
--- a/bl-kernel/abstract/plugin.class.php
+++ b/bl-kernel/abstract/plugin.class.php
@@ -55,13 +55,16 @@ class Plugin {
 
 		// --- Metadata ---
 		$this->filenameMetadata = PATH_PLUGINS.$this->directoryName().DS.'metadata.json';
-		$metadataString = file_get_contents($this->filenameMetadata);
-		$this->metadata = json_decode($metadataString, true);
 
-		// If the plugin is installed then get the database
-		if ($this->installed()) {
-			$Tmp = new dbJSON($this->filenameDb);
-			$this->db = $Tmp->db;
+		if( Sanitize::pathFile($this->filenameMetadata) ) {
+			$metadataString = file_get_contents($this->filenameMetadata);
+			$this->metadata = json_decode($metadataString, true);
+
+			// If the plugin is installed then get the database
+			if ($this->installed()) {
+				$Tmp = new dbJSON($this->filenameDb);
+				$this->db = $Tmp->db;
+			}
 		}
 	}
 
@@ -324,4 +327,4 @@ class Plugin {
 		return true;
 	}
 
-}
\ No newline at end of file
+}
diff --git a/bl-kernel/boot/rules/60.plugins.php b/bl-kernel/boot/rules/60.plugins.php
index 5d12ccd4..b741a8b9 100644
--- a/bl-kernel/boot/rules/60.plugins.php
+++ b/bl-kernel/boot/rules/60.plugins.php
@@ -78,6 +78,9 @@ function buildPlugins()
 		$languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.$site->language().'.json';
 		if( !Sanitize::pathFile($languageFilename) ) {
 			$languageFilename = PATH_PLUGINS.$Plugin->directoryName().DS.'languages'.DS.DEFAULT_LANGUAGE_FILE;
+			if( !Sanitize::pathFile($languageFilename) ) {
+				continue;
+			}
 		}
 
 		$database = file_get_contents($languageFilename);