In-Reply-To: <17122201257.20020403160836@code-fu.de>

The problem is caused by a specific change to the standard PHP options by the Debian packages. For some reason magic_quotes_gpc is set to Off in the /etc/phpgroupware/apache.conf. If you change the two entries to On then the security hole disappears.

This IS NOT a phpGroupWare security hole per se, it's a problem with a config setting that we rely on from PHP. We are currently looking at restructuring a few areas to take over what magic_quotes_gpc does so that we can be safe when it is turned off. That will likely show up in 0.9.16 since 0.9.14 is probably going to be released soon and won't have time to be retrofitted.

Seek3r
phpGroupWare Spokesperson
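
One way to audit a config fragment for the setting described in the message above, as an added example that is not phpGroupWare or Debian code. It assumes the two entries are mod_php `php_flag` / `php_admin_flag` directives (the message does not show the actual lines); the function name, sample file and directory paths are constructed.

```shell
#!/bin/sh
# Added example, not phpGroupWare or Debian code.
# Assumption: the "two entries" are mod_php php_flag / php_admin_flag
# directives; the message does not show the actual lines.

# Print "LINE: text" for every active directive that leaves
# magic_quotes_gpc disabled. Prints nothing when all entries are On.
find_magic_quotes_off() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }    # commented-out directives have no effect
        {
            d = tolower($1); k = tolower($2); v = tolower($3)
            gsub(/"/, "", v)   # tolerate a quoted value
            if ((d == "php_flag" || d == "php_admin_flag") &&
                k == "magic_quotes_gpc" && v != "on" && v != "1")
                printf "%d: %s\n", NR, $0   # mod_php enables only on "On" or "1"
        }
    ' "$1"
}

# Constructed sample standing in for /etc/phpgroupware/apache.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Directory /srv/example-app>
    # php_flag magic_quotes_gpc On
    php_flag magic_quotes_gpc Off
    php_flag track_vars On
</Directory>
<Directory /srv/example-app/setup>
    php_flag magic_quotes_gpc off
</Directory>
EOF

# Reports lines 3 and 7; the commented-out "On" on line 2 is ignored.
find_magic_quotes_off "$sample"
```

Empty output means every active entry in the file has the option switched On; any line printed is an entry that still needs changing.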