[wp-trac] [WordPress Trac] #10360: $_REQUEST's slashes may differ from $_GET/$_POST
WordPress Trac
wp-trac at lists.automattic.com
Sat Jul 11 10:03:24 UTC 2009
#10360: $_REQUEST's slashes may differ from $_GET/$_POST
--------------------------+-------------------------------------------------
Reporter: dd32 | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8.2
Component: Security | Version: 2.8
Severity: normal | Keywords: dev-feedback
--------------------------+-------------------------------------------------
Changes (by hakre):
* keywords: has-patch => dev-feedback
Comment:
Just reviewed the code. According to inline documentation
{{{
// Force REQUEST to be GET + POST. If SERVER, COOKIE, or ENV are needed,
use those superglobals directly.
}}}
, $_REQUEST is to be expected forced GET + POST. Both are mostly untainted
that time so therefore I strongly speak to wontfix or invalid. There is no
need to expect $_REQUEST to be slashed.
I do not see any motivation to write a patch then.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10360#comment:20>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list