yes and it was...refused is from october i try to pass validation evry time new things came out
If - in the unlikely event that someone was able to get admin access through nefarious means (XSS/CSRF would be sufficient) - the above could be used to do arbitrary code inclusion, as the following demonstrates:
http://www.domain.tld/phpBB/admin/admin ... tar.jpg%00
(requires magic_quotes_gpc be disabled)
If that, If other, i'm boring i no think to try to validate it again i'm sure also if i submit my mod again (after fix this issue) the mod team find another thing after another month (or monts)
after plus 3 monts i no have more patient sorry but I surrender
Ps: this is the answer to a request support in trying to fix issue described!!!
I can't speak for the team for all eternity, but my impression is that no online file editor MOD will ever be accepted - it's a too big security hazard.