RocketMan / zookeeper

Zookeeper Online is a music database and charting application for student and independent radio.
GNU General Public License v3.0

Remove cookies from _REQUEST superglobal #414

Closed RocketMan closed 11 months ago

RocketMan commented 11 months ago

The request_order configuration is currently set to GPC, meaning GET, POST, and cookies are included in the $_REQUEST superglobal variable.

The application exclusively passes request parameters in the query string (GET) or via form POST. Cookies are not used for request parameters. The application uses cookies only for session state, in which case they are exclusively accessed via the $_COOKIE global and never $_REQUEST.

This PR removes cookies from the $_REQUEST variable, such that it will contain only request parameters supplied in the query string (GET) or via form POST.
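
The following is an added example, not part of the pull request or the zookeeper code base. It emulates how PHP merges sources into $_REQUEST in request_order sequence (a later source overwrites an earlier one on a name collision) and lists the parameters whose value would come from a cookie under GPC compared with GP. The function names and the sample GET, POST and cookie values are constructed for illustration.

```php
<?php
// Added illustration; build_request() and cookie_shadowed() are hypothetical helpers.

// Merge sources left to right in request_order sequence, as PHP does for $_REQUEST.
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys as-is; the later source wins on collision.
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Names whose $_REQUEST value is supplied or overridden by a cookie under $order.
function cookie_shadowed(string $order, array $get, array $post, array $cookie): array
{
    $withCookies = build_request($order, $get, $post, $cookie);
    $without = build_request(str_ireplace('C', '', $order), $get, $post, $cookie);
    $shadowed = [];
    foreach ($withCookies as $key => $value) {
        if (!array_key_exists($key, $without) || $without[$key] !== $value) {
            $shadowed[] = $key;
        }
    }
    return $shadowed;
}

// Constructed sample request: one parameter name also appears as a cookie.
$get    = ['action' => 'viewChart', 'id' => '42'];
$post   = [];
$cookie = ['action' => 'stale', 'PHPSESSID' => 'constructed-session-id'];

foreach (['GPC', 'GP'] as $order) {
    $request = build_request($order, $get, $post, $cookie);
    printf("request_order=%s  action=%s  cookie-sourced keys: [%s]\n",
        $order,
        $request['action'],
        implode(', ', cookie_shadowed($order, $get, $post, $cookie)));
}

// Report the value in effect for the running interpreter.
printf("configured request_order: %s\n", var_export(ini_get('request_order'), true));
```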