i posted this fix awhile back,

add the fllowing code to your ray/modules/global/inc/content.inc.php

add it at the top above the 1st require once command

if (isset($_REQUEST['sIncPath']))
die ('Hacking attempt');

so it looks like this :

if (isset($_REQUEST['sIncPath']))
die ('Hacking attempt');

require_once($sIncPath . "xml.inc.php");
require_once($sIncPath . "constants.inc.php");
require_once($sIncPath . "apiFunctions.inc.php");

this stops any see more remote includes being used

next edit /plugins/safehtml/HTMLSax3.php add this at the top above the require once

if (isset($_REQUEST['dir']))
die ('Hacking attempt');

so it looks like this:

if (isset($_REQUEST['dir']))
die ('Hacking attempt');

require_once( "{$dir['plugins']}safehtml/HTMLSax3/States.php" );
require_once( "{$dir['plugins']}safehtml/HTMLSax3/Decorators.php" );

this stops remote access to your directories

you need to move to a more secure host