Fixed register_globals issue. Some more work to secure the contact form is needed

www/account.php

@@ -17,6 +17,8 @@
 */ ?>
 <?
 	include("../includes/account.php");
+        $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
+        $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
 
 	if($id == 6)
 	{
@@ -25,11 +27,11 @@
 	} else if($id == 19) {
 		include_once("../pages/account/19.php");
 		exit;
-	} else if($oldid == 40 && $process != "" && $_POST['support'] != "yes") {
+	} else if($oldid == 40 && $_REQUEST['process'] != "" && $_POST['support'] != "yes") {
-		$who = stripslashes($who);
+		$who = stripslashes($_REQUEST['who']);
-		$email = stripslashes($email);
+		$email = stripslashes($_REQUEST['email']);
-		$subject = stripslashes($subject);
+		$subject = stripslashes($_REQUEST['subject']);
-		$message = stripslashes($message);
+		$message = stripslashes($_REQUEST['message']);
 
                 $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;
 
@@ -38,11 +40,12 @@
                 echo _("Your message has been sent.");
                 showfooter();
                 exit;
-	} else if($oldid == 40 && $process != "" && $_POST['support'] == "yes") {
+	} else if($oldid == 40 && $_REQUEST['process'] != "" && $_POST['support'] == "yes") {
-		$who = stripslashes($who);
+		$who = stripslashes($_REQUEST['who']);
-		$email = stripslashes($email);
+		$email = stripslashes($_REQUEST['email']);
-		$subject = stripslashes($subject);
+		$subject = stripslashes($_REQUEST['subject']);
-		$message = stripslashes($message);
+		$message = stripslashes($_REQUEST['message']);
+
 
                 $message = "From: $who\nEmail: $email\nSubject: $subject\n\nMessage:\n".$message;