Is there a point asking if $_GET, $_POST and $_COOKIE are arrays?

In http://www.php.net/manual/en/language.variables.predefined.php says those are “predefined arrays”, so I don’t think we need to check this…

Stupid benchmarking test…  checking 10.000 if $_POST is array took 0.0155 versus 0.0089 for doing nothing 10.000

They are predefined arrays indeed. It doesn’t hurt to check whether they are arrays though.  On the other hand, if the is_array() checks can be left out, why not?

I’m only wondering whether it would be possible for a user to overwrite those predefined arrays. I think that would be possible by using a pre_system hook or so. Maybe let’s just not touch the _sanitize_globals() function then.