bug #1149381

ChangeLog

@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
 $Id$
 $Source$
 
+2005-02-23 Alexander M. Turek  <me@derrabus.de>
+    * libraries/grab_globals.lib.php: More hotfixes against bug #1149381.
+
 2005-02-22 Alexander M. Turek  <me@derrabus.de>
     * libraries/grab_globals.lib.php: Hotfix against bug #1149381 and parts
       of bug #1149383.

libraries/grab_globals.lib.php

@@ -25,12 +25,15 @@ function PMA_gpc_extract($array, &$target) {
          * parameters.
          *
          * Currently, the following variable names are rejected when found in
-         * $_GET or $_POST: cfg and str*
+         * $_GET or $_POST: cfg, GLOBALS, str* and _*
          *
          * Warning: this also affects array keys:
          * Variables like $_GET['harmless']['cfg'] will also be rejected!
          */
-        if ($key == 'cfg' || substr($key, 0, 3) == 'str') {
+        if ($key == 'cfg'
+            || $key == 'GLOBALS'
+            || substr($key, 0, 3) == 'str'
+            || $key{0} == '_') {
             continue;
         }