bug [core] Remove cookies from $_REQUEST for better coexistence with other applications

2008-02-23 21:16:42 +00:00
parent f990acca9e
commit 8ad4a854e4
2 changed files with 9 additions and 0 deletions
--- a/2
+++ b/2
@@ -63,6 +63,8 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
  thanks to Jürgen Wind - windkiel
 - bug [GUI] Do not display the database name used by the previous user,
  thanks to Ronny Görner
+- bug [core] Remove cookies from $_REQUEST for better coexistence with
+  other applications, thanks to Richard Cunningham

 2.11.4.0 (2008-01-12)
 - bug #1843428 [GUI] Space issue with DROP/DELETE/ALTER TABLE
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -220,6 +220,13 @@ if (isset($_POST['usesubform'])) {
        unset($_POST['redirect']);
    }
    unset($subform_id, $subform);
+} else {
+    // Note: here we overwrite $_REQUEST so that it does not contain cookies,
+    // because another application for the same domain could have set
+    // a cookie (with a compatible path) that overrides a variable 
+    // we expect from GET or POST.
+    // We'll refer to cookies explicitly with the $_COOKIE syntax.
+    $_REQUEST = array_merge($_GET, $_POST);
 }
 // end check if a subform is submitted