[wp-trac] [WordPress Trac] #10360: $_REQUEST's slashes may differ from $_GET/$_POST
WordPress Trac
wp-trac at lists.automattic.com
Fri Jul 10 21:40:14 UTC 2009
#10360: $_REQUEST's slashes may differ from $_GET/$_POST
--------------------------+-------------------------------------------------
Reporter: dd32 | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8.2
Component: Security | Version: 2.9
Severity: normal | Keywords: needs-patch dev-feedback
--------------------------+-------------------------------------------------
Comment(by Denis-de-Bernardy):

@vladimir: There was some discussion related to what should end up in
$_REQUEST in the related ticket.

FWIW, the whole point of the ticket was to remove $_COOKIES from $_REQUEST
for security reasons, without introducing a wp_gpc() function that would
end up adding needless overhead. If phpBB uses $_REQUEST where $_COOKIES
should be used, they took a very questionable option.

It was decided to ignore the gpc order and to stick to $_GET and $_POST,
because there's no straightforward way to know whether $_SERVER and $_ENV
are included and in which order. (There are many php ini settings that
serve the same purpose.)

--
Ticket URL: <http://core.trac.wordpress.org/ticket/10360#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
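
An added example, not part of the ticket and not WordPress's own code, of the decision described in the comment above: it simulates how an ini-controlled source order changes which value lands in $_REQUEST, then rebuilds the array from GET and POST only. The function names and sample values are hypothetical and constructed for illustration; the order strings follow PHP's request_order convention, where sources are registered left to right and later ones overwrite earlier ones.

```php
<?php
// Added illustration: hypothetical helper names, constructed sample data.

/**
 * Simulate how PHP fills $_REQUEST for a given order string
 * (e.g. "GP", "GPC"): sources are applied left to right and
 * later sources overwrite earlier ones.
 */
function simulate_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $request = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys as-is, as PHP does for superglobals.
            $request = array_replace($request, $sources[$letter]);
        }
    }
    return $request;
}

/**
 * Rebuild the request array from GET and POST only, POST winning,
 * regardless of what the ini settings asked for. Cookies never enter.
 */
function rebuild_request(array $get, array $post): array
{
    return array_replace($get, $post);
}

// Constructed input: a cookie that shares its name with a query parameter.
$get    = ['action' => 'view', 'id' => '7'];
$post   = [];
$cookie = ['action' => 'delete', 'prefs' => 'dark'];

foreach (['GP', 'GPC', 'CGP'] as $order) {
    $r = simulate_request($order, $get, $post, $cookie);
    printf("order=%-3s action=%-6s keys=%s\n",
        $order, $r['action'], implode(',', array_keys($r)));
}

$r = rebuild_request($get, $post);
printf("rebuilt   action=%-6s keys=%s\n",
    $r['action'], implode(',', array_keys($r)));
```

With "GPC" the cookie's value replaces the query parameter, while the rebuilt array is the same under every order setting and contains no cookie keys.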