get avatar API bug

[Belikhun]

Describe the bug
We can use /api/avt/get to read content of other file

To Reproduce
Steps to reproduce the behavior:

1. Go to api/avt/get?u=get or api/avt/get?u=change
2. A part of get.php or change.php showed up

Expected behavior
Should return default avatar

Screenshots

Additional context

Much empty

[Belikhun]

Fixed in commit b311eb3