[wp-trac] [WordPress Trac] #10452: Wordpress pollutes POST data
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 20 16:58:25 UTC 2009
#10452: Wordpress pollutes POST data
--------------------------+-------------------------------------------------
 Reporter:  bilge         |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  high          |   Milestone:  2.8.3
Component:  General       |     Version:  2.8.2
 Severity:  critical      |    Keywords:  post data pollution cancer abomination
--------------------------+-------------------------------------------------
Form data containing quotes is escaped. For example, if a user submits an
input field with the name "test" and the value "'", after the form is
submitted: $_POST['test'] == "\'".

This is essentially magic_quotes_gpc emulation which is so cancerous that
the PHP developers had the good sense to not only deprecate but also
remove it from the newest versions of PHP, and yet WordPress sees fit to
spread the tumour around some more. All of that is irrelevant, however,
when considering that there is no earthly reason to permit any application
permission to augment the values of any PHP superglobals and that
certainly extends to the POST data collection.

Whether or not I agree that code is poetry is a moot point considering
that whoever is responsible for coding this abomination hasn't seen poetic
code in their entire lifetime.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10452>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
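
The behaviour the ticket describes, reproduced as an added example (not WordPress code and not part of the original message). The function names and sample values are constructed here, and addslashes() stands in for the escaping applied to the POST data.

```php
<?php
// Added illustration, not WordPress source. Function names are hypothetical.

// Recursively apply addslashes(), the transformation magic_quotes_gpc performed.
function emulate_magic_quotes(array $data): array {
    return array_map(
        fn($v) => is_array($v) ? emulate_magic_quotes($v) : addslashes((string) $v),
        $data
    );
}

// Inverse: recover the bytes the client actually submitted.
function unslash(array $data): array {
    return array_map(
        fn($v) => is_array($v) ? unslash($v) : stripslashes((string) $v),
        $data
    );
}

// Throwing check, so results are verified even when assert() is disabled.
function check(bool $ok, string $what): void {
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
    echo "ok: $what\n";
}

// Constructed sample input standing in for a submitted form.
$submitted = [
    'test'   => "'",
    'author' => "O'Brien",
    'path'   => 'C:\temp',
    'tags'   => ['rock "n" roll'],
];

$post = emulate_magic_quotes($submitted); // what application code now sees

check($post['test'] === "\\'", "' arrives as \\' (the ticket's case)");
check($post['path'] === 'C:\\\\temp', 'backslashes are doubled as well');
check($post['tags'][0] === 'rock \"n\" roll', 'nested values are slashed too');
check(strlen($post['author']) === 8, 'length checks see 8 bytes, not 7');

// Code unaware of the slashing that escapes again corrupts the value.
check(addslashes($post['author']) === "O\\\\\\'Brien", 'double escaping: O\\\\\\\'Brien');

// Unslashing once at the input boundary restores the submitted data, which
// can then be handed unescaped to a parameterized query.
check(unslash($post) === $submitted, 'stripslashes() round-trips the input');
```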