vulnerability? extract( $_GET );

delbono

2007-12-04 18:50

In index.php (line 6) I see:

extract( $_GET );

That is the same as REGISTER_GLOBAL ON in php.ini

This is a serious risk because people who set REGISTER_GLOBAL to OFF
think they are in a safe environment with a QuickCart powered site,
while instead they are unaware of that unsafe line of code.

I suggest using:

extract( $_GET, EXTR_SKIP );

See the warning at
http://www.php.net/manual/en/function.extract.php


"Do not use extract() on untrusted data, like user-input ($_GET, ...). If you do, for example, if you want to run old code that relies on register_globals temporarily, make sure you use one of the non-overwriting extract_type values such as EXTR_SKIP and be aware that you should extract in the same order that's defined in variables_order within the php.ini"

» Quick.Cart v2.x

Nicola

treewood (OpenSolution)

2007-12-05 08:59

delbono - thx for the suggestion, but EXTR_SKIP will not help because there is no variable before this extract().
For now we don't see problems with this extract. Many projects use this function and exist well :)
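
The two positions in this thread can be compared side by side. The following is an added example, not code from Quick.Cart or from either poster; the function names, the parameter names `p` and `isAdmin`, and the sample request are hypothetical. It shows that EXTR_SKIP only protects variables that already exist when extract() runs, and contrasts both extract() variants with reading named keys explicitly.

```php
<?php
// Constructed request for illustration, standing in for $_GET.
$request = ['p' => 'cart', 'isAdmin' => '1'];

// extract() runs first, as on line 6 of index.php. The script later reads
// $isAdmin without ever assigning it (hypothetical variable name).
function extract_first(array $get, int $flags): bool
{
    extract($get, $flags);
    // Nothing defined $isAdmin before extract(), so there is no collision
    // and EXTR_SKIP has nothing to skip: the request value is used.
    return !empty($isAdmin);
}

// Same logic, but the variable is initialised before extract().
function init_then_extract(array $get, int $flags): bool
{
    $isAdmin = false;
    // EXTR_OVERWRITE replaces the value above; EXTR_SKIP leaves it alone.
    extract($get, $flags);
    return (bool) $isAdmin;
}

// No extract(): only the keys the page expects are read, each by name.
function read_named_keys(array $get): array
{
    $page = isset($get['p']) && is_string($get['p']) ? $get['p'] : 'home';
    $isAdmin = false; // set by server-side logic only, never from the request
    return ['page' => $page, 'isAdmin' => $isAdmin];
}

$cases = [
    'extract first, EXTR_OVERWRITE' => extract_first($request, EXTR_OVERWRITE),
    'extract first, EXTR_SKIP'      => extract_first($request, EXTR_SKIP),
    'init first, EXTR_OVERWRITE'    => init_then_extract($request, EXTR_OVERWRITE),
    'init first, EXTR_SKIP'         => init_then_extract($request, EXTR_SKIP),
    'named keys only'               => read_named_keys($request)['isAdmin'],
];

foreach ($cases as $label => $isAdmin) {
    printf("%-32s isAdmin=%s\n", $label, var_export($isAdmin, true));
}
```

The "extract first" rows are the situation described for index.php: with no variables defined beforehand, the flag makes no difference, so any variable the script later reads before assigning it takes its value from the request.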
