Ticket #267 (new defect)

Opened 3 years ago

Last modified 3 years ago

Should not use values of not known cookies

Reported by: suso
Owned by: mbonetti
Priority: lowest
Milestone: Gregarius 0.5.5
Component: BUGS
Version:
Severity: minor
Keywords:
Cc:

Description

In init.php, plugins.php and cls/rss.php, the variable $_REQUEST is used to check for a 'theme' value. As $_REQUEST contains $_GET, $_POST, and $_COOKIE, if a cookie named 'theme' exists in the browser, it is used to override the configured theme.

I think those files should only check for $_GET and $_POST, but not for $_COOKIE.

(I know it should be a responsibility of other web applications to set cookies with the right path and a preferably unique name, but anyway I think it's a good idea to avoid using cookie values that we don't know for sure if they exist or not)
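The behaviour described above, as an added example that is not part of the ticket and not Gregarius code: a constructed cookie named 'theme' overrides the configured theme when read through a merged `$_REQUEST`, but not when only GET and POST are consulted. The helper `resolve_theme()`, the theme names, and the allowlist check (which goes one step beyond what the ticket asks for) are assumptions made for illustration.

```php
<?php
// Hypothetical helper, not Gregarius code: pick the theme from explicit
// request sources only, never from $_COOKIE (and so never from $_REQUEST).
function resolve_theme(array $get, array $post, string $configured, array $installed): string
{
    // POST is consulted before GET here; that ordering is an assumption.
    foreach ([$post, $get] as $source) {
        if (!isset($source['theme']) || !is_string($source['theme'])) {
            continue; // absent, or an array such as theme[]=x
        }
        // Accept the value only if it names an installed theme.
        if (in_array($source['theme'], $installed, true)) {
            return $source['theme'];
        }
    }
    return $configured;
}

// Constructed sample data.
$installed  = ['default', 'dark'];
$configured = 'default';
$cookie     = ['theme' => 'dark']; // set by another application on the same host
$get        = [];
$post       = [];

// $_REQUEST as it looks when cookies are merged in, which depends on the
// request_order / variables_order ini settings containing "C".
$request = array_merge($get, $post, $cookie);

// Pattern from the ticket: the stray cookie wins over the configuration.
$viaRequest = $request['theme'] ?? $configured;

// GET/POST only: the cookie is ignored and the configured theme is kept.
$viaGetPost = resolve_theme($get, $post, $configured, $installed);

echo "via \$_REQUEST:        $viaRequest\n";
echo "via GET/POST only:    $viaGetPost\n";
echo "explicit ?theme=dark: " . resolve_theme(['theme' => 'dark'], [], $configured, $installed) . "\n";
echo "value not installed:  " . resolve_theme(['theme' => 'nope'], [], $configured, $installed) . "\n";
```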

Change History

Changed 3 years ago by sdcosta

I agree [1076] fixes one of these.

Changed 3 years ago by mbonetti

Can we close this one?
