This vulnerability does not exist. Even with register_globals on, $dir and $qadir are overridden by a static variable within the script itself.