Permalink
Browse files

Temporary fix for $_COOKIE/$_REQUEST superglobal issue

  • Loading branch information...
1 parent c9e1ca3 commit c7ddc634ae2205e03871e10f47fd700d84b50939 @kestasjk committed Dec 30, 2011
Showing with 33 additions and 1 deletion.
  1. +33 −1 header.php
View
@@ -56,6 +56,38 @@ function setExpires($expires) {
'<body>'.Config::$serverMessages['ServerOffline'].'</body></html>');
+if( ini_get('request_order') !== false ) {
+
+ // There is a request_order php.ini variable; this must be PHP 5.3.0+
+
+ /*
+ * This variable determines whether $_COOKIE is included in $_REQUEST;
+ * if request_order contains no 'c' then $_COOKIE is not included.
+ *
+ * $_COOKIE shouldn't be included in $_REQUEST, however since webDip
+ * has historically relied on it being there this code is here
+ * temporarily, while the improper $_REQUEST references are found and
+ * switched to $_COOKIE.
+ */
+ if( substr_count(strtolower(ini_get('request_order')), 'c') == 0 ) {
+ /*
+ * No 'c' in request_order, so no $_COOKIE variables in $_REQUEST;
+ * $_COOKIE will need to be merged into $_REQUEST manually.
+ *
+ * The default config used to be GPC ($_GET, $_POST, $_COOKIE), so
+ * to get the standard behaviour $_COOKIE overwrites variables
+ * already in $_REQUEST.
+ */
+
+ foreach($_COOKIE as $key=>$value)
+ {
+ $_REQUEST[$key] = $value;
+ // array_merge could be used here, but creating a new array
+ // for use as a super-global can have weird results.
+ }
+ }
+}
+
/*
* If register_globals in enabled remove globals.
*/
@@ -74,10 +106,10 @@ function stripslashes_deep(&$value)
{
switch( $var_name )
{
+ case "_COOKIE":
@kestasjk
kestasjk Dec 30, 2011 Owner

Moving this case was a mistake, but it has no effect

case "_POST":
case "_GET":
case "_REQUEST":
- case "_COOKIE":
if (get_magic_quotes_gpc())
{
// Strip slashes if magic quotes added slashes

0 comments on commit c7ddc63

Please sign in to comment.