[Full-disclosure] Cross Domain XMLHttpRequest

Stefan Esser sesser at hardened-php.net
Sun Apr 15 21:47:00 BST 2007


Hello,

> Thanks for showing this vulnerability :) In fact it was not supposed
> to be safe, but now it should be :) You are right this is not a


adding
        if(strstr($_GET['url'],"file:"))
                die;
is not safe at all...

Regards,
Stefan
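
Why a substring test like the one quoted above falls short, as an added example that is not part of the original message or of the script under discussion: `strstr()` is case-sensitive and the test names only one scheme, whereas an allowlist names what is permitted. The function names, `ALLOWED_HOSTS` and the sample URLs are constructed for illustration.

```php
<?php
// Added example, not code from the original thread.
// ALLOWED_SCHEMES, ALLOWED_HOSTS and both function names are hypothetical.

const ALLOWED_SCHEMES = ['http', 'https'];
const ALLOWED_HOSTS   = ['api.example.org'];   // constructed placeholder

// The check quoted in the message: a case-sensitive substring denylist.
function denylist_accepts(string $url): bool
{
    return strstr($url, "file:") === false;
}

// Allowlist form: parse the URL and accept only known schemes and hosts.
function allowlist_accepts(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                      // relative paths, malformed input
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;                      // no embedded credentials
    }
    $scheme = strtolower($parts['scheme']);
    $host   = strtolower($parts['host']);
    return in_array($scheme, ALLOWED_SCHEMES, true)
        && in_array($host, ALLOWED_HOSTS, true);
}

// Constructed sample inputs for comparing the two checks.
$samples = [
    'http://api.example.org/feed.xml',
    'file:///tmp/constructed.txt',
    'FILE:///tmp/constructed.txt',
    'ftp://api.example.org/feed.xml',
    'http://other.example.net/feed.xml',
    '/tmp/constructed.txt',
];

foreach ($samples as $url) {
    printf("%-36s denylist=%-6s allowlist=%s\n",
        $url,
        denylist_accepts($url) ? 'accept' : 'reject',
        allowlist_accepts($url) ? 'accept' : 'reject');
}
```

The allowlist has to be applied again to any redirect target the fetch follows, not only to the URL supplied in the request.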



