[wp-trac] [WordPress Trac] #18322: The Road to Magic Quotes Sanity

WordPress Trac wp-trac at lists.automattic.com
Sun Feb 26 14:05:48 UTC 2012 

#18322: The Road to Magic Quotes Sanity
--------------------------+-----------------------------
 Reporter:  ryan          |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Future Release
Component:  General       |     Version:  3.2.1
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+-----------------------------

Comment (by hakre):

 About a new API, I'd like to give some pointers: Probably it's feasibly to
 create a request object which abstracts and encapsulates the request
 properly:

 {{{
 $request = WP_Request::createFromGlobals();
 }}}

 The key point here is that you don't have static GET::/POST::/WHATEVER::
 functions (e.g. replacing `$_GET` with `GET::get()`). That's more or less
 only offering a new interface for the same thing. Instead encapsulate what
 varies and offer a real interface in form of an instance. If you need a
 global access to it, put it in a global variable as it's common within
 Worpdress.

 That's then one point instead of (additional) global (static class)
 functions.

 I suggest to take a look into the
 [http://api.symfony.com/2.0/Symfony/Component/HttpFoundation/Request.html
 API of the Symfony2 Request], the
 [https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/Request.php
 sourcecode] or [http://symfony.com/doc/2.0/book/http_fundamentals.html the
 docs] for some inspiration.

 The current dependency of wordpress is `$_GET`, `$_POST`, `$_SERVER`,
 `$_COOKIE` and `$_REQUEST` afaik. So the request class must not be equally
 evolved as the Symfony2 Request.

 The key point is to start moving away from the (super)global dependencies.
 Then you can change things easier over time including the slashes domain.

 You want to change that, the root problem aren't the quotes technically,
 but to decide whether they are in or not globally. If we remove the many
 superglobals by encapsulating them, the problem of the superglobal depency
 is gone, it's easy to set policy. And you're even able to test the
 application as the request can be injected. That will become crucial if
 you want to change the processing of slashes for input data.

 And take care: Every level of indirection comes with a price, take it
 lightly.

 ----

 For the status quo, I think it's a good idea to go through the functions
 and find out if the data that is processed by these functions is
 native/raw, slash-encoded or undefined (often called ''maybe''). One way
 could be to add a docblock tag that documents it so you can run a simple
 static code-analysis over all files afterwards to index functions used and
 to get a better impression.

 The parts that are ''maybe'' are a smell then, that the usage of the
 function is not clear.

 Render a dependency tree of all functions that are calling a ''maybe''
 function and it would be more visible how ''maybe'' affects the codebase
 and how large the problem is.

 Related: #17018, #10360, #5791

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/18322#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list