On 8-11-2008 0:09, Andrea De Iacovo wrote: > 6. we can try to prepare a workaround while we wait an officile fix from > upstream: maybe I could implement a function to check out if dangerous > cookies are present and stop any other operation until those cookies are > not removed. >
There is an easy fix suggestion at http://brian.moonspot.net/2008/01/17/responsible-use-of-the-_request-variable/ $user_input = array_merge($_GET, $_POST); or even better: if(!empty($_POST)){ $user_input = $_POST; } elseif { $user_input = $_GET; } Now replace all usage of $_REQUEST with $user_input. Sounds safe, but needs testing.. in case wordpress actually reads cookie values from $_REQUEST (yuck). Regards, Richard -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
