Not vuln. :\ $this_path = substr($_SERVER["SCRIPT_FILENAME"],0,max(strrpos($_SERVER["SCRIPT_FILENAME"],"/"),strrpos($_SERVER["SCRIPT_FILENAME"],"\\"))+1); // uncomment the following line if you run into an error like "Fatal error trying to include config.inc.php" // $this_path = "/absolute/path/to/naig/";