[VIM] SimpleBoard sbp file inclusion - more info

[Steven M. Christey]

ref:

  http://milw0rm.com/exploits/1994

The milw0rm posting claims the bug was found in file_upload.php, but
the demonstration URL uses image_upload.php.  I did some source code
inspection that shows that the same statement:

   require_once("$sbp/sb_helpers.php")

appears at the top of both files.  Other files also have this
statement, but they include a check for direct requests using a
defined('_VALID_MOS') test.

- Steve