[wp-hackers] Embedding forms in Wordpress
Alan J Castonguay
alan at verselogic.net
Sun Nov 12 19:47:24 GMT 2006
André Schieleit wrote:
>> 3. modifying the code of the form to accommodate the spurious
>> input that
>> is received as this WordPress-as-a-CMS 'side effect'
> I found a solution to get the data generated by the form. It is indeed
> just a simple foreach() loop:
>
> foreach($_POST as $key=>$element)
> {
> ${$key}=$element;
> }
Robin's suggestion is excellent, you really should reference posted form
fields using the $_POST['elementname'] syntax.
Going through the entire $_POST array and re-registering global
variables that have just been explicitly unset is a very bad idea.
That's effectively undoing everything that `register_globals off'[1] and
wp_unregister_GLOBALS()[2] do(for POST variables).
As an aside, while checking this over I noticed that requests like
/blog/index.php?GLOBALS=Injected are supposed to be wp_die()'d with
'GLOBALS overwrite detected' on line 8 of wp-settings.php, but wp_die()
isn't included until later in the same file. Opened trac ticket #3357[3]
1: http://www.php.net/register_globals
2: http://trac.wordpress.org/browser/trunk/wp-settings.php#L3
3: http://trac.wordpress.org/ticket/3357
Alan J Castonguay
More information about the wp-hackers
mailing list