The vulnerability does NOT exist in eGroupWare, as the code does NOT get called:
// finally our print our footer if (is_object($GLOBALS['egw'])) { $GLOBALS['egw']->common->egw_footer(); } else { require_once(APP_ROOT . '/includes/system_footer.php'); } include/system_footer.php also prevents direct calling via the URL. So I can only second Peters opinion that the fix is not necessary, thought it does not hurt, as the (fixed) code never get's called in eGW. Ralf eGroupWare developer and admin -- Ralf Becker eGroupWare Training & Support ==> http://www.egroupware-support.de Outdoor Unlimited Training GmbH [www.outdoor-training.de] Handelsregister HRB Kaiserslautern 3587 Geschäftsführer Birgit und Ralf Becker Leibnizstr. 17, 67663 Kaiserslautern, Germany Telefon +49 (0)631 31657-0