$NetBSD: patch-ad,v 1.1 2008/07/25 00:53:58 tonnerre Exp $

--- spaw/dialogs/img.php.orig	2006-04-18 13:25:53.000000000 +0200
+++ spaw/dialogs/img.php
@@ -12,6 +12,9 @@
 // v.1.0, 2003-04-01
 // ================================================
 
+// Prevent remote file inclusion
+if (preg_match("/:\/\//i", $spaw_root)) die ("can't include external file");
+
 // include wysiwyg config
 include '../config/spaw_control.config.php';
 include $spaw_root.'class/util.class.php';
