- Improved the input checking.

includes/common.inc

@@ -584,7 +584,7 @@ function valid_input_data($data) {
       }
     }
   }
-  else {
+  else if (isset($data)) {
     // Detect dangerous input data.
 
     // Decode all normal character entities.
@@ -1805,8 +1805,14 @@ function drupal_get_path($type, $name) {
 // Initialize all enabled modules.
 module_init();
 
-if ($_REQUEST && !user_access('bypass input data check')) {
-  if (!valid_input_data($_REQUEST)) {
+if (!user_access('bypass input data check')) {
+  // We can't use $_REQUEST because it consists of the contents of $_POST, 
+  // $_GET and $_COOKIE: if any of the input arrays share a key, only one
+  // value will be verified.
+  if (!valid_input_data($_GET)
+   || !valid_input_data($_POST) 
+   || !valid_input_data($_COOKIE)
+   || !valid_input_data($_FILES)) {
     die('Terminated request because of suspicious input data.');
   }
 }