Modified to be PHP 4 friendly. A few functions have been added to the knowledge base: extract, shell_exec, pcntl_exec, and exec. The organization of the knowledge base file (vuln_db.xml) has been slightly improved. The _getAllPhpFiles function may miss a few (unverified). The tokenizer needs to be able to differentiate between a native function call and class method call of the same name, i.e. mail() and $class->mail().