Ashar Voultoiz <hashar@... <http://gmane.org/get-address.php?address=hashar%2dwhniv8GeeGkdnm%2byROfE0A%40public.gmane.org>> wrote Thomas Gries wrote: We dont use register_globals on WikiMedia website, i think most php packages now ship with register_globals to off and anyone still using it should recode their scripts :) Ashar, thank you for quick reply. However, the above references describe a severe problem even for the case, that register_globals _is_ off. The UPLOAD function has the flaw (pls. carefully study the both resources), which can cause a glitch in the PHP internal setting for register_globals. I recommend the MediaWiki developers study the both references for consequences. Tom