[wp-trac] [WordPress Trac] #10360: $_REQUEST's slashes may differ from $_GET/$_POST
WordPress Trac
wp-trac at lists.automattic.com
Fri Jul 10 20:54:26 UTC 2009
#10360: $_REQUEST's slashes may differ from $_GET/$_POST
--------------------------+-------------------------------------------------
Reporter: dd32 | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8.2
Component: Security | Version: 2.9
Severity: normal | Keywords: needs-patch dev-feedback
--------------------------+-------------------------------------------------
Changes (by vladimir_kolesnikov):
* cc: vladimir@… (added)
Comment:
In brief:
If magic_quotes_gpc is on: $_GET, $_POST, $_COOKIE, $_SERVER and $_REQUEST
will be slashed;
If magic_quotes_gpc is off: $_GET, $_POST, $_COOKIE and $_SERVER will be
slashed, $_REQUEST won't.
And, $_REQUEST = array_merge($_GET, $_POST) does not take into account
php.ini's variables_order variable and (for PHP 5.3.0), request_order
variable.
BTW, throwing $_COOKIE out of $_REQUEST breaks phpBB.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10360#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list