@gloin

I've linked to this post in the Bug Forum as well.
Lets hope it's not serious.

http://forums.b2evolution.net/viewforum.php?f=35

This is ridiculous (= "no problem").

$inc_path gets set by b2evolution itself and would therefor get overwritten from this kind of "global injection" (which would additionally require register_globals in PHP to be "on").

Things *like* these used to work back in 1999.

In this specific case, it would not even have worked back then because of the explicit global setting of $inc_path as stated by bluyed.

This is not even remotely a threat.