includes/functions/compatibility.php

CODE
if ((int)ini_get('register_globals') > 0) {
if (isset($_REQUEST['GLOBALS'])) {
die('GLOBALS overwrite attempt detected');
}

$noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');

$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) ? (array)$_SESSION : array());

foreach ($input as $k => $v) {
if (!in_array($k, $noUnset) && isset($GLOBALS[$k])) {
unset($GLOBALS[$k]);
}
}

unset($noUnset);
unset($input);
unset($k);
unset($v);
}



It is possible to unset $noUnset variable by passing this variable by the browser.
For example, http://www.domain.com/index.php?noUnset=1
This way 'noUnset' will be in the $input and will be destroyed.
I think you should add 'noUnset' element to $noUnset array or incapsulate the whole code into a function.