}
// Add description as navigation point
-ADD_DESCR("member", basename(__FILE__));
+ADD_DESCR("member", __FILE__);
// Load the include file
-$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, $GLOBALS['what']);
+$INC_WHAT = sprintf("%sinc/modules/member/what-%s.php", PATH, SQL_ESCAPE($GLOBALS['what']));
if (FILE_READABLE($INC_WHAT)) {
// Ok, we finally load the member action module
include_once($INC_WHAT);