Comment 4 for bug 848807

Tres Seaver (tseaver) wrote :

This bug was introduced on the 2.12 branch in r114796:

  r114796 | hannosch | 2010-07-16 15:01:27 -0400 (Fri, 16 Jul 2010) | 2 lines

  Fixed deprecation warnings in OFS.misc_

The bug is that a number of modules are imported at class scope in order
to compute paths on disk to images. I can't see any reason not to move those
imports up to module scope, which would remove the attack vector.

The attached patch against the 2.12 branch makes the reported URL result
in a 404 (as desired).
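
The mechanism described in the comment above, as an added example that is not part of the original comment or the attached patch: a Python `import` inside a class body binds the module as a class attribute, so a resolver that walks URL segments with `getattr` can reach it, while the same import at module scope leaves nothing on the class. `MiscLeaky`, `MiscFixed`, `resolve`, `NotFound` and `leaked_modules` are hypothetical names, and `resolve` is a simplified stand-in for attribute-based traversal, not Zope's publisher.

```python
import os.path  # module scope: the placement the comment proposes
import types


class MiscLeaky:
    """'Before' shape: the import runs inside the class body."""
    import os.path  # side effect: binds the name 'os' as a class attribute
    icon = os.path.join("www", "folder.gif")


class MiscFixed:
    """'After' shape: same path computation, import lives at module scope."""
    icon = os.path.join("www", "folder.gif")


class NotFound(LookupError):
    """Stand-in for an HTTP 404 response."""


def resolve(root, url_path):
    """Toy traversal (assumption): one getattr per URL path segment."""
    obj = root
    for name in filter(None, url_path.split("/")):
        if name.startswith("_"):
            raise NotFound(url_path)
        try:
            obj = getattr(obj, name)
        except AttributeError:
            raise NotFound(url_path) from None
    return obj


def leaked_modules(cls):
    """Audit helper: names in a class body that are bound to module objects."""
    return sorted(name for name, value in vars(cls).items()
                  if isinstance(value, types.ModuleType))


if __name__ == "__main__":
    for cls in (MiscLeaky, MiscFixed):
        print(cls.__name__, "module attributes:", leaked_modules(cls))
        try:
            print("  /os ->", resolve(cls(), "/os"))
        except NotFound:
            print("  /os -> 404")
```

Running `leaked_modules` over a package's classes is a quick way to find other class-scope imports of the same shape.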