The previous version of include.php contained a very severe security hole, allowing the inclusion of local files (like /etc/passwd & friends) even in the most paranoid configuration.
I've notified Noah (7 emails sent since july 2010, with different subjects and from different adresses, tried to use the online notification available at http://www.noah.org/cgi-bin/email but it's broken, left a security warning on the home page with a link to my webpage), but I got just one answer asking me to resend my code, which I did, several times. I hate doing this, but I'm hijacking this page to point to my version, to avoid leaving users of this extensions vulnerable to the security hole.
Noah, if you read this and whish to step back in as a maintainer, I'd be glad to let you do so.
This post was posted by Peachey88 (Flood), but signed as MatthieuMoy.