first part of security fixes

libraries/common.lib.php

@@ -2740,7 +2740,16 @@ if (get_magic_quotes_gpc()) {
     PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true);
 }
 
-require_once './libraries/session.inc.php';
+/**
+ * Check for numeric keys 
+ * (if register_globals is on, we'll find a numeric key here)
+ */
+
+foreach ($GLOBALS as $key => $dummy) {
+    if (is_numeric($key)) {
+        die('numeric key detected');
+    }
+}
 
 /**
  * include deprecated grab_globals only if required
@@ -2749,6 +2758,11 @@ if (empty($__redirect) && !defined('PMA_NO_VARIABLES_IMPORT')) {
     require './libraries/grab_globals.lib.php';
 }
 
+/**
+ * include session handling after the globals, to avoid overwriting 
+ */
+require_once './libraries/session.inc.php';
+
 /**
  * init some variables LABEL_variables_init
  */

libraries/session.inc.php

@@ -84,6 +84,7 @@ ini_set('session.save_handler', 'files');
 
 /**
  * Token which is used for authenticating access queries.
+ * (we use "space PMA_token space" to prevent overwriting)
  */
 if (!isset($_SESSION[' PMA_token '])) {
     $_SESSION[' PMA_token '] = md5(uniqid(rand(), true));