* Include PR#11 from @kkomelin about CGI var vuln.