From a1637ffdf214b3f28872e13456b9e19075c66a4e Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sun, 13 May 2007 20:15:24 +0200
Subject: [PATCH] rebuild $_REQUEST manually to avoid cookie interference
 FS#1104

darcs-hash:20070513181524-7ad00-20cb0328fc1b2881120d825f74ec032a5171f782.gz
---
 inc/init.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/inc/init.php b/inc/init.php
index 8e77d7ae0..4d9942ee0 100644
--- a/inc/init.php
+++ b/inc/init.php
@@ -97,13 +97,15 @@
     if (!empty($_POST))   remove_magic_quotes($_POST);
     if (!empty($_COOKIE)) remove_magic_quotes($_COOKIE);
     if (!empty($_REQUEST)) remove_magic_quotes($_REQUEST);
-#    if (!empty($_SESSION)) remove_magic_quotes($_SESSION); #FIXME needed ?
     @ini_set('magic_quotes_gpc', 0);
     define('MAGIC_QUOTES_STRIPPED',1);
   }
   @set_magic_quotes_runtime(0);
   @ini_set('magic_quotes_sybase',0);
 
+  // don't let cookies ever interfere with request vars
+  $_REQUEST = array_merge($_GET,$_POST);
+
   // disable gzip if not available
   if($conf['compression'] == 'bz' && !function_exists('bzopen')){
     $conf['compression'] = 'gz';
-- 
GitLab