Howto fix Drupal's update.php when $_REQUEST is denied by a paranoid sysadmin

I dont know how much people get to this problem, but one thing is sure: when you have a paranoid sysadmin, you might encounter some surprises with PHP and globals.

The annoying case is here when you restrict PHP to the maximum you can, you can't access to the $_REQUEST superglobal.

FYI1, this superglobal is an array merge (copius vulgaris2) of both $_POST and $_GET superglobals..

What's saves us is that in Drupal's core code, this $_REQUEST superglobal is never used (or was sometimes ago), some grep3 revealed it to me.

But, what's annoying here, is the only part of Drupal I found usage of this variable, is the update.php file. So, what happens in real life, when you try to update you site in this case?
The answer is: "Just nothing.".

Why? Because update.php can't find it's op parameter, which, in facts, comes directly from $_GET or $_POST (depending on the step you are).

So, the actual solution, is this patch (working for Drupal 6.12):

% diff -urN update.php.orig update.php
--- update.php.orig 2009-05-17 14:00:03.000000000 +0200
+++ update.php 2009-05-17 13:27:06.000000000 +0200
@@ -625,6 +625,8 @@
   update_fix_d6_requirements();
   update_fix_compatibility();

+  if ($_POST['op']) $_REQUEST['op'] = $_POST['op'];
+
   $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
   switch ($op) {
     case 'selection':

WTF does this patch4 do?!
Simple, it handles the original developer lazyness, just does a simple test which is, "Do I have my $_POST['op'] parameter? Yes? Ok, use it!" Simple hu?

One line of code, some hours of happyness saved!

  1. 1. FYI, FYI means "For You Information"
  2. 2. Which in some case, is wrong; this is a copy of those superglobals, so if you aptempt to modify a value in $_REQUEST, it won't modify the original value got in $_GET or $_POST
  3. 3. May UNIX be with you
  4. 4. To use it, by the way, download the attached file, and simply use the "patch" command of your OS (RTFM, please)
AttachmentSize
update.php-6.12-request_bug.patch345 bytes

$_REQUEST also merges in $_COOKIE

"this superglobal is an array merge (copius vulgaris2) of both $_POST and $_GET superglobals.."

And it also merges in $_COOKIE

in pre 4.3 it also included $_FILES

Also works with Drupal 6.13

This patch also works with Drupal 6.13

About