*  Fixed avatars_dir NULL byte injection vulnerability (CVE-2006-4759).
*  Added support for HttpOnly cookies. Credits to Matt Mecham for pre-PHP5.2
   hack.