Are Horde users vulnerable? Seems like we are, since include() and require() are frequently used in all the code I've looked at. One of many links here http://ployer.com/archives/2004/12/bad_santye_rena.php /Larry Honig