Brought up by a forum user: http://phpicalendar.net/forums/viewtopic.php?f=42&t=3917
Uses of $_GET, $_POST, and $_COOKIE need to be audited throughout the project. My personal suggestion is replacing the direct variable accesses with wrapper functions. Something like this:
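
    // Read-only accessor for $_GET: returns the raw value, or '' if unset.
    function var_from_GET($var) {
        if (isset($_GET[$var])) {
            $value = $_GET[$var];
            // Undo magic-quotes escaping where it is in effect. The function
            // was removed in PHP 8, so check that it exists first.
            if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
                $value = stripslashes($value);
            return $value;
        }
        return '';
    }
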
Now, instead of accessing $_GET['name'] directly, access it using var_from_GET('name').
This makes the GPC superglobals read-only (the way it should be) by not providing a set-accessor function, although one could be implemented if necessary.
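
For the audit step, a tokenizer-based scan can list every direct superglobal access and flag the ones that assign to it. This is an added example, not part of the original post or the project's code; the function name find_gpc_uses and the sample input are hypothetical.

```php
<?php
// Added example (not project code): list direct uses of the GPC
// superglobals so each one can be reviewed and moved behind an accessor.

const GPC_NAMES = ['$_GET', '$_POST', '$_COOKIE'];

/** Return [line, name, 'read'|'write'] for each direct superglobal use. */
function find_gpc_uses(string $source): array
{
    $tokens = token_get_all($source);
    $count  = count($tokens);
    $hits   = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || $tok[0] !== T_VARIABLE
            || !in_array($tok[1], GPC_NAMES, true)) {
            continue;
        }
        // Walk past whitespace and any [ ... ] subscripts after the variable.
        $depth = 0;
        for ($j = $i + 1; $j < $count; $j++) {
            $t = $tokens[$j];
            if (is_array($t)) {
                if ($t[0] === T_WHITESPACE || $depth > 0) { continue; }
                break;
            }
            if ($t === '[') { $depth++; continue; }
            if ($t === ']') { $depth--; continue; }
            if ($depth === 0) { break; }
        }
        // A following assignment operator means the superglobal is modified.
        $next  = $tokens[$j] ?? null;
        $write = $next === '='
            || (is_array($next) && in_array($next[0], [T_CONCAT_EQUAL, T_PLUS_EQUAL], true));
        $hits[] = [$tok[2], $tok[1], $write ? 'write' : 'read'];
    }
    return $hits;
}

// Constructed sample input, not taken from the project.
$sample = <<<'PHP'
<?php
$cal = $_GET['cal'];
$_GET['getdate'] = date('Ymd');
$view = $_POST['view'] . $_COOKIE['lang'];
PHP;

foreach (find_gpc_uses($sample) as [$line, $name, $kind]) {
    printf("line %d: %s (%s)\n", $line, $name, $kind);
}
```

To scan a real file, pass file_get_contents($path) to find_gpc_uses(); entries marked 'write' are the places that would break once the superglobals are treated as read-only.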