additional check against REQUEST overwriting

2006-09-26 20:19:02 +00:00
parent ac2f606a21
commit 50319d634c
1 changed files with 3 additions and 1 deletions
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -2887,7 +2887,9 @@ if (!isset($_REQUEST['token']) || empty($_SESSION[' PMA_token ']) || $_SESSION['
        /* Possible login form */
        'pma_servername', 'pma_username', 'pma_password',
    );
-    $keys = array_keys($_REQUEST);
+    //$keys = array_keys($_REQUEST);
+    // do not check only $_REQUEST because it could have been overwritten
+    $keys = array_keys(array_merge($_REQUEST, $_GET, $_POST, $_COOKIE));
    /* Remove any non allowed stuff from requests */
    foreach($keys as $key) {
        if (!in_array($key, $allow_list)) {