Little error for the file upload vulnerability. Updated, see http://www.acid-root.new.fr/advisories/12070214.txt. Sorry for the inconvenience :(. "An attacker can access to this script, simply by sending a request which not contains the "is_guest" and "is_user" variables."