diff -ur phpmyadmin-3.3.7.orig/libraries/url_generating.lib.php phpmyadmin-3.3.7/libraries/url_generating.lib.php
--- phpmyadmin-3.3.7.orig/libraries/url_generating.lib.php	2010-09-07 18:35:56.000000000 +0200
+++ phpmyadmin-3.3.7/libraries/url_generating.lib.php	2015-10-28 20:14:25.000000000 +0100
@@ -243,7 +243,9 @@
     if (isset($GLOBALS['server'])
         && $GLOBALS['server'] != $GLOBALS['cfg']['ServerDefault']
             // avoid overwriting when creating navi panel links to servers
-        && ! isset($params['server'])) {
+        && ! isset($params['server'])
+        && ! defined('PMA_SETUP')
+    ) {
         $params['server'] = $GLOBALS['server'];
     }
 
diff -ur phpmyadmin-3.3.7.orig/setup/frames/form.inc.php phpmyadmin-3.3.7/setup/frames/form.inc.php
--- phpmyadmin-3.3.7.orig/setup/frames/form.inc.php	2010-09-07 18:35:56.000000000 +0200
+++ phpmyadmin-3.3.7/setup/frames/form.inc.php	2015-10-28 20:14:51.000000000 +0100
@@ -32,8 +32,8 @@
         'forms' => array('Export_defaults'))
 );
 
-$formset_id = filter_input(INPUT_GET, 'formset');
-$mode = filter_input(INPUT_GET, 'mode');
+$formset_id = isset($_GET['formset']) ? $_GET['formset'] : null;
+$mode = isset($_GET['mode']) ? $_GET['mode'] : null;
 if (!isset($formsets[$formset_id])) {
     die('Incorrect formset, check $formsets array in setup/frames/form.inc.php');
 }
diff -ur phpmyadmin-3.3.7.orig/setup/frames/index.inc.php phpmyadmin-3.3.7/setup/frames/index.inc.php
--- phpmyadmin-3.3.7.orig/setup/frames/index.inc.php	2010-09-07 18:35:56.000000000 +0200
+++ phpmyadmin-3.3.7/setup/frames/index.inc.php	2015-10-28 20:15:47.000000000 +0100
@@ -131,8 +131,8 @@
     <td><?php echo htmlspecialchars($cf->getServerDSN($id)) ?></td>
     <td style="white-space: nowrap">
         <small>
-        <a href="<?php echo "?page=servers{$separator}mode=edit{$separator}id=$id" ?>"><?php echo $GLOBALS['strEdit'] ?></a>
-        | <a href="<?php echo "?page=servers{$separator}mode=remove{$separator}id=$id" ?>"><?php echo $GLOBALS['strDelete'] ?></a>
+        <a href="<?php echo "?" . PMA_generate_common_url() . $separator . "page=servers{$separator}mode=edit{$separator}id=$id" ?>"><?php echo $GLOBALS['strEdit'] ?></a>
+        | <a href="<?php echo "?" . PMA_generate_common_url() . $separator . "page=servers{$separator}mode=remove{$separator}id=$id" ?>"><?php echo $GLOBALS['strDelete'] ?></a>
         </small>
     </td>
 </tr>
diff -ur phpmyadmin-3.3.7.orig/setup/frames/menu.inc.php phpmyadmin-3.3.7/setup/frames/menu.inc.php
--- phpmyadmin-3.3.7.orig/setup/frames/menu.inc.php	2010-09-07 18:35:56.000000000 +0200
+++ phpmyadmin-3.3.7/setup/frames/menu.inc.php	2015-10-28 20:17:03.000000000 +0100
@@ -15,10 +15,10 @@
 $separator = PMA_get_arg_separator('html');
 ?>
 <ul>
-	<li><a href="index.php"><?php echo $GLOBALS['strSetupOverview'] ?></a></li>
-	<li><a href="?page=form<?php echo $separator ?>formset=features"><?php echo $GLOBALS['strSetupFormset_features'] ?></a></li>
-	<li><a href="?page=form<?php echo $separator ?>formset=left_frame"><?php echo $GLOBALS['strSetupForm_Left_frame'] ?></a></li>
-	<li><a href="?page=form<?php echo $separator ?>formset=main_frame"><?php echo $GLOBALS['strSetupForm_Main_frame'] ?></a></li>
-	<li><a href="?page=form<?php echo $separator ?>formset=import"><?php echo $GLOBALS['strImport'] ?></a></li>
-	<li><a href="?page=form<?php echo $separator ?>formset=export"><?php echo $GLOBALS['strExport'] ?></a></li>
+	<li><a href="index.php?<?php echo PMA_generate_common_url() ?>"><?php echo $GLOBALS['strSetupOverview'] ?></a></li>
+	<li><a href="?page=form<?php echo $separator . PMA_generate_common_url() . $separator ?>formset=features"><?php echo $GLOBALS['strSetupFormset_features'] ?></a></li>
+	<li><a href="?page=form<?php echo $separator . PMA_generate_common_url() . $separator ?>formset=left_frame"><?php echo $GLOBALS['strSetupForm_Left_frame'] ?></a></li>
+	<li><a href="?page=form<?php echo $separator . PMA_generate_common_url() . $separator ?>formset=main_frame"><?php echo $GLOBALS['strSetupForm_Main_frame'] ?></a></li>
+	<li><a href="?page=form<?php echo $separator . PMA_generate_common_url() . $separator ?>formset=import"><?php echo $GLOBALS['strImport'] ?></a></li>
+	<li><a href="?page=form<?php echo $separator . PMA_generate_common_url() . $separator ?>formset=export"><?php echo $GLOBALS['strExport'] ?></a></li>
 </ul>
diff -ur phpmyadmin-3.3.7.orig/setup/frames/servers.inc.php phpmyadmin-3.3.7/setup/frames/servers.inc.php
--- phpmyadmin-3.3.7.orig/setup/frames/servers.inc.php	2010-09-07 18:35:56.000000000 +0200
+++ phpmyadmin-3.3.7/setup/frames/servers.inc.php	2015-10-28 20:14:25.000000000 +0100
@@ -19,8 +19,8 @@
 require_once './setup/lib/FormDisplay.class.php';
 require_once './setup/lib/form_processing.lib.php';
 
-$mode = filter_input(INPUT_GET, 'mode');
-$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
+$mode = isset($_GET['mode']) ? $_GET['mode'] : null;
+$id = PMA_isValid($_GET['id'], 'numeric') ? $_GET['id'] : null;
 
 $cf = ConfigFile::getInstance();
 $server_exists = !empty($id) && $cf->get("Servers/$id") !== null;
diff -ur phpmyadmin-3.3.7.orig/setup/index.php phpmyadmin-3.3.7/setup/index.php
--- phpmyadmin-3.3.7.orig/setup/index.php	2015-10-28 20:02:52.000000000 +0100
+++ phpmyadmin-3.3.7/setup/index.php	2015-10-28 20:14:25.000000000 +0100
@@ -14,7 +14,7 @@
  */
 require './lib/common.inc.php';
 
-$page = filter_input(INPUT_GET, 'page');
+$page = isset($_GET['page']) ? $_GET['page'] : null;
 $page = preg_replace('/[^a-z]/', '', $page);
 if ($page === '') {
     $page = 'index';
diff -ur phpmyadmin-3.3.7.orig/setup/lib/form_processing.lib.php phpmyadmin-3.3.7/setup/lib/form_processing.lib.php
--- phpmyadmin-3.3.7.orig/setup/lib/form_processing.lib.php	2010-09-07 18:35:56.000000000 +0200
+++ phpmyadmin-3.3.7/setup/lib/form_processing.lib.php	2015-10-28 20:18:26.000000000 +0100
@@ -14,7 +14,7 @@
  * @param FormDisplay $form_display
  */
 function process_formset(FormDisplay $form_display) {
-	if (filter_input(INPUT_GET, 'mode') == 'revert') {
+	if (isset($_GET['mode']) && $_GET['mode'] == 'revert') {
         // revert erroneous fields to their default values
         $form_display->fixErrors();
         // drop post data
@@ -30,10 +30,10 @@
         if ($form_display->hasErrors()) {
             // form has errors, show warning
             $separator = PMA_get_arg_separator('html');
-            $page = filter_input(INPUT_GET, 'page');
-            $formset = filter_input(INPUT_GET, 'formset');
+            $page = isset($_GET['page']) ? $_GET['page'] : null;
+            $formset = isset($_GET['formset']) ? $_GET['formset'] : null;
             $formset = $formset ? "{$separator}formset=$formset" : '';
-            $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
+            $id = PMA_isValid($_GET['id'], 'numeric') ? $_GET['id'] : null;
             if ($id === null && $page == 'servers') {
             	// we've just added a new server, get it's id
             	$id = ConfigFile::getInstance()->getServerCount();
@@ -43,12 +43,12 @@
             <div class="warning">
                 <h4><?php echo $GLOBALS['strSetupWarning'] ?></h4>
                 <?php echo PMA_lang('error_form') ?><br />
-                <a href="?page=<?php echo $page . $formset . $id . $separator ?>mode=revert"><?php echo PMA_lang('RevertErroneousFields') ?></a>
+                <a href="?page=<?php echo $page . $formset . $id . $separator . PMA_generate_common_url() . $separator ?>mode=revert"><?php echo PMA_lang('RevertErroneousFields') ?></a>
             </div>
             <?php $form_display->displayErrors() ?>
-            <a class="btn" href="index.php"><?php echo PMA_lang('IgnoreErrors') ?></a>
+            <a class="btn" href="index.php?<?php echo PMA_generate_common_url() ?>"><?php echo PMA_lang('IgnoreErrors') ?></a>
             &nbsp;
-            <a class="btn" href="?page=<?php echo $page . $formset . $id . $separator ?>mode=edit"><?php echo PMA_lang('ShowForm') ?></a>
+            <a class="btn" href="?page=<?php echo $page . $formset . $id . $separator . PMA_generate_common_url() . $separator ?>mode=edit"><?php echo PMA_lang('ShowForm') ?></a>
             <?php
         } else {
             // drop post data
diff -ur phpmyadmin-3.3.7.orig/setup/validate.php phpmyadmin-3.3.7/setup/validate.php
--- phpmyadmin-3.3.7.orig/setup/validate.php	2010-09-07 18:35:56.000000000 +0200
+++ phpmyadmin-3.3.7/setup/validate.php	2015-10-28 20:14:25.000000000 +0100
@@ -19,8 +19,10 @@
 
 header('Content-type: application/json');
 
-$vids = explode(',', filter_input(INPUT_POST, 'id'));
-$values = json_decode(filter_input(INPUT_POST, 'values'));
+$ids = isset($_POST['id']) ? $_POST['id'] : null;
+$vids = explode(',', $ids);
+$vals = isset($_POST['values']) ? $_POST['values'] : null;
+$values = json_decode($vals);
 if (!($values instanceof stdClass)) {
     die('Wrong data');
 }
