> If include of data urls is enabled, the attacker could do the same with > &file=data:image/png;base64,PD9waHAgZXZhbCgkX0dFVFsiY29kZSJdKTsgPz4K
Okay, I got it ;-) So it would be nice if someone could update the documentation and set the bug to "resolved" Thanks for your help.
