    Use it for case "id" (see below)

    -- cut --
    case "id" :
        if (is_numeric($_REQUEST['id'])) {
            return intval($_REQUEST['id']);
    -- cut --

    Otherwise an attacker could use floats to obfuscate the page cache.

    By the way: due to theoretical considerations, I would recommend exiting on NaN, as given in the original patch. In my opinion, there's no reason to continue a script if a break-in attempt was detected. If you prefer continuing without an error, you should set $_REQUEST['id'] = $this->config['site_start'] to make sure the malformed request won't go anywhere else.
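The following is an added worked example, not code from the thread or from MODX itself, showing why the intval() cast matters after the is_numeric() check: every spelling of the same number that is_numeric() accepts ("1", "1.0", "01", "1e0", " 1", "+1") would otherwise become its own page-cache key, while invalid input is either rejected (the "exit on NaN" option) or sent to site_start. The function name canonical_page_id and the way site_start is passed in are assumptions for this example.

```php
<?php
declare(strict_types=1);

/**
 * Canonicalise the page id taken from the request.
 *
 * Follows the check from the thread: accept only numeric input, then collapse
 * it with intval() so that "1", "1.0", "01", "1e0", " 1" and "+1" all resolve
 * to page 1 instead of producing a separate page-cache entry per spelling.
 *
 * Assumptions for this example (not MODX's own API): the function name, and
 * that $siteStart carries the site_start setting used as the safe fallback.
 *
 * @param array<string,mixed> $request        $_REQUEST or a copy of it
 * @param int                 $siteStart      fallback page id
 * @param bool                $abortOnInvalid true: throw on non-numeric input
 *                                            (the "exit on NaN" option);
 *                                            false: fall back to $siteStart
 */
function canonical_page_id(array $request, int $siteStart, bool $abortOnInvalid = true): int
{
    $raw = $request['id'] ?? null;

    // is_numeric() is true for ints, floats and numeric strings, including
    // decimal points, exponents, a sign and leading whitespace. It is false
    // for null, arrays (e.g. ?id[]=1), hex strings such as "0x1" (PHP 7+) and
    // anything with trailing garbage such as "1abc" or "1; DROP".
    if (!is_numeric($raw)) {
        if ($abortOnInvalid) {
            throw new InvalidArgumentException('non-numeric page id rejected');
        }
        return $siteStart;
    }

    // intval() is the canonicalisation step: every accepted spelling of the
    // same number becomes one int, so one page gets one cache key.
    // ("1e0" converts as a number since PHP 7.1; "1.5" truncates to 1.)
    return intval($raw);
}

// Constructed sample inputs: six spellings of page 1, then invalid values.
$samples = ['1', '1.0', '01', '1e0', ' 1', '+1', '1.5', '0x1', '1abc', '1; DROP', ''];

printf("%-12s %-8s %-16s %s\n", 'input', 'numeric', 'key before', 'key after');
foreach ($samples as $s) {
    // Before the fix: the raw value goes straight into the cache key, so each
    // spelling of page 1 yields a different key.
    $before = 'page_' . $s;
    try {
        $after = 'page_' . canonical_page_id(['id' => $s], 1);
    } catch (InvalidArgumentException $e) {
        $after = 'rejected';
    }
    printf("%-12s %-8s %-16s %s\n",
        var_export($s, true), var_export(is_numeric($s), true), $before, $after);
}

// The non-aborting variant sends malformed requests to site_start instead;
// an array value (?id[]=1) is not numeric either and takes the same path.
var_dump(canonical_page_id(['id' => 'abc'], 1, false));
var_dump(canonical_page_id(['id' => ['1']], 1, false));
```

The "key before" column is what a cache keyed on the raw request value would store; the "key after" column shows the single key that survives the intval() cast, which is the obfuscation the post warns about being closed off.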
    This is all very interesting! Thank you for patiently explaining.
        Studying MODX in the desert - http://sottwell.com
        Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
        Join the Slack Community - http://modx.org