Bugtraq mailing list archives

Re: RFI ====> vBulletin v3.6.5

From: scott-REMOVE () vbulletin com
Date: 31 Jul 2007 13:21:26 -0000

I guess no one ever explained to you how an RFI works?

In order you've just listed.

1. $classfile comes from internal function calls and is only included if ^\w+$ matches.

2. $nextitem comes from a database row.

3. $specialtemplates isn't even used.

Rather than just searching for require_once / include_once in the code maybe actually read the context or even do some 
testing?

Scott MacVicar
Development Team, vBulletin

Current thread:

RFI ====> vBulletin v3.6.5 RaeD (Jul 30)
- <Possible follow-ups>
- Re: RFI ====> vBulletin v3.6.5 scott-REMOVE (Jul 31)
- Re: RFI ====> vBulletin v3.6.5 no-reply (Jul 31)