diff --git a/controllers/internals/ExpressionProvider.php b/controllers/internals/ExpressionProvider.php
index 7c36bae..b02f070 100644
--- a/controllers/internals/ExpressionProvider.php
+++ b/controllers/internals/ExpressionProvider.php
@@ -18,7 +18,17 @@ class ExpressionProvider implements ExpressionFunctionProviderInterface
 {
     public function getFunctions()
     {
+        //Override default constant() function to make it return null
+        //This will prevent the use of constant() func to read constants with security impact (such as session, db credentials, etc.)
+        $neutralized_constant = new ExpressionFunction('constant', function ($str) {
+            return null;
+        }, function ($arguments, $str) {
+            return null;
+        });
+
+        return [
+            $neutralized_constant,
             ExpressionFunction::fromPhp('is_null', 'exists'),
             ExpressionFunction::fromPhp('mb_strtolower', 'lower'),
             ExpressionFunction::fromPhp('mb_strtoupper', 'upper'),