[VIM] true: firefly RFI, both doc_root and DOCUMENT_ROOT
Steven M. Christey
coley at mitre.org
Wed May 2 16:47:40 UTC 2007
Researcher: Alkomandoz Hacker

Ref: http://www.milw0rm.com/exploits/3805

localize.php has:

    default :
    include $doc_root."/modules/admin/include/en.all_messages.php";
    include $doc_root."/modules/admin/include/en.all_messages2.php";

config.php has:

    include $doc_root."/modules/admin/include/applid.php";
    include $doc_root."/modules/admin/include/admin_sql.php";
    include $doc_root."/modules/admin/include/admin_displays.php";
    include $doc_root."/include/grant.php";
    include $doc_root."/modules/admin/include/localize.php";

Ref: FRSIRT:ADV-2007-1554

This reference mentions a separate DOCUMENT_ROOT vector in config.php,
and sure enough:

    include $DOCUMENT_ROOT."/config.php";
- Steve
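
The source check described in the post, as an added example that is not part of the original message or the firefly code base: a small Python audit that lists every include/require whose path starts with a variable and reports whether that variable is assigned earlier in the same file. The function name, the regular expressions and the second sample file are assumptions made for illustration; includes are not followed across files, so an unassigned prefix is a lead to review, not proof.

```python
import re

# include/require whose path starts with a PHP variable, e.g.
#   include $doc_root."/include/grant.php";
INCLUDE_RE = re.compile(
    r'\b(?:include|require)(?:_once)?\s*\(?\s*\$([A-Za-z_]\w*)\s*\.', re.I)
# Plain assignment to a variable ($x = ...), not ==, === or =>.
ASSIGN_RE = re.compile(r'\$([A-Za-z_]\w*)\s*=(?![=>])')


def audit_includes(source):
    """Return (line_no, variable, assigned_earlier) per variable-prefixed include.

    assigned_earlier is False when no earlier line of the same file assigns
    the variable, so its value is decided outside this file. Assumption:
    each file is audited on its own; included files are not followed.
    """
    assigned, findings = set(), []
    for line_no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(('//', '#', '/*', '*')):
            continue  # skip whole-line comments
        for m in INCLUDE_RE.finditer(line):
            findings.append((line_no, m.group(1), m.group(1) in assigned))
        assigned.update(ASSIGN_RE.findall(line))
    return findings


# Sample input: include lines as quoted in the post for config.php.
CONFIG_PHP = '''include $doc_root."/modules/admin/include/applid.php";
include $doc_root."/include/grant.php";
include $DOCUMENT_ROOT."/config.php";
'''

# Constructed contrast case (not from the post): the prefix is set in the
# same file before it is used, so the include is reported as assigned.
PINNED_PHP = '''$doc_root = dirname(__FILE__);
include $doc_root."/include/grant.php";
'''

if __name__ == "__main__":
    for name, src in (("config.php", CONFIG_PHP), ("pinned.php", PINNED_PHP)):
        for line_no, var, ok in audit_includes(src):
            state = "assigned in file" if ok else "NOT assigned in file"
            print(f"{name}:{line_no}: include prefix ${var} is {state}")
```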