[wp-trac] [WordPress Trac] #10360: $_REQUEST's slashes may differ from $_GET/$_POST
WordPress Trac
wp-trac at lists.automattic.com
Fri Jul 24 23:27:39 UTC 2009
#10360: $_REQUEST's slashes may differ from $_GET/$_POST
--------------------------+-------------------------------------------------
Reporter: dd32 | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8.3
Component: Security | Version: 2.8
Severity: normal | Keywords: has-patch commit
--------------------------+-------------------------------------------------
Changes (by dd32):
* keywords: dev-feedback => has-patch commit
Comment:
We all agree that relying upon slashed data in superglobals is bad. Theres
no question about it.
This is about CONSISTENCY.
{{{$_POST['something']}}} should be able to be replaced by
{{{$_REQUEST['something']}}} and act EXACTLY THE SAME. This is not
currently happening due to !WordPress's Slashing of data in
{{{$_GET/$_POST}}} but NOT in $_REQUEST (Which may be slashed if the
server has it enabled, or not slashed otherwise..)
The slashing of data is NOT for this ticket, and another ticket has
recently been closed around it.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10360#comment:28>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list