That bug is the following :
- A user made a PHP pages on his own server, that steel any visitor's IP adress.
That user embed that pages in BB Code.
So, is there a way to forbid for example .php codes. Is there a way to fix that withou disabling the whole IMG BB Code.