Neo Security Team reports:
If we specify a variable in the html code (any type:
hidden, text, radio, check, etc) with the name allowhtml,
allowbbcode or allowsmilies, is going to be on the html,
bbcode and smilies in our signature.
This is a low risk vulnerability that allows users to bypass
forum-wide configuration.