[wp-hackers] 2 Questions: $_REQUEST equivalent and using GET in mod_rewrite

Kirk Steffensen blogger at steffensenfamily.com
Tue Aug 28 18:24:33 GMT 2007


On 8/28/07, jacobsantos at branson.com wrote:
>
> If you kept this and released it GPL, the first thing I will do is convert
> it to the right super global.


If you change $_REQUEST to one of $_POST or $_GET in my code, you'll break
it.

I use it for retrieving variables that I sometimes set with a POST via form
and sometimes set with a GET via URL.  That's why $_REQUEST is there, so
that you don't have to look at both $_POST and $_GET.  And it doesn't really
matter where it's coming from, because if it doesn't match the expected
values (because someone is trying to hack the server), it doesn't matter,
because none of the variables looked at with $_REQUEST can do anything other
than break the operation of the plugin since none of them are used for admin
functions.  All the admin is done via config files on the backend.  This
isn't true of all code, but to say that you should NEVER use $_REQUEST in a
plugin is silly.
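
The pattern discussed in this message (one variable set sometimes by form POST and sometimes by URL GET, then checked against expected values), as an added example that is not part of the original post or the plugin's code; the function name `gallery_param`, the parameter name `view` and the allowed values are hypothetical. It reads `$_POST` and `$_GET` explicitly because `$_REQUEST` can also carry cookie values, depending on the `request_order` / `variables_order` settings.

```php
<?php
// Added example. All names and sample values below are hypothetical/constructed.

/**
 * Read a parameter that may arrive by form POST or by URL query string.
 * $_POST and $_GET are read explicitly, so a cookie of the same name
 * (which $_REQUEST can include) is never consulted.
 */
function gallery_param(
    string $name,
    array $allowed,
    string $default,
    ?array $post = null,
    ?array $get = null
): string {
    $post = $post ?? $_POST;
    $get  = $get ?? $_GET;

    // POST takes precedence over GET when both carry the parameter.
    $raw = $post[$name] ?? $get[$name] ?? null;

    // Missing values and arrays (e.g. ?view[]=x) fall back to the default.
    if (!is_string($raw)) {
        return $default;
    }

    // Strict allowlist comparison: anything unexpected is discarded.
    return in_array($raw, $allowed, true) ? $raw : $default;
}

// Constructed sample inputs standing in for $_POST and $_GET.
$samples = [
    [[], ['view' => 'list']],                 // set via URL
    [['view' => 'grid'], ['view' => 'list']], // set via form, URL also present
    [[], ['view' => 'unexpected-value']],     // not in the allowlist
    [[], ['view' => ['list']]],               // array instead of a string
];

foreach ($samples as [$post, $get]) {
    echo gallery_param('view', ['list', 'grid'], 'list', $post, $get), "\n";
}
```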

