Ajouter un commentaire

I dont know how much people get to this problem, but one thing is sure: when you have a paranoid sysadmin, you might encounter some surprises with PHP and globals.

The annoying case is here when you restrict PHP to the maximum you can, you can't access to the $_REQUEST superglobal.

FYI[fn]FYI, FYI means "For You Information"[/fn], this superglobal is an array merge (copius vulgaris[fn]Which in some case, is wrong; this is a copy of those superglobals, so if you aptempt to modify a value in $_REQUEST, it won't modify the original value got in $_GET or $_POST[/fn]) of both $_POST and $_GET superglobals.[/fn].

What's saves us is that in Drupal's core code, this $_REQUEST superglobal is never used (or was sometimes ago), some grep[fn]May UNIX be with you[/fn] revealed it to me.

But, what's annoying here, is the only part of Drupal I found usage of this variable, is the update.php file. So, what happens in real life, when you try to update you site in this case?
The answer is: "Just nothing.".

Why? Because update.php can't find it's op parameter, which, in facts, comes directly from $_GET or $_POST (depending on the step you are).

So, the actual solution, is this patch (working for Drupal 6.12):

WTF does this patch[fn]To use it, by the way, download the attached file, and simply use the "patch" command of your OS (RTFM, please)[/fn] do?!
Simple, it handles the original developer lazyness, just does a simple test which is, "Do I have my $_POST['op'] parameter? Yes? Ok, use it!" Simple hu?

One line of code, some hours of happyness saved!