[wp-trac] [WordPress Trac] #10360: $_REQUEST's slashes may differ from $_GET/$_POST

WordPress Trac wp-trac at lists.automattic.com
Sun Jul 26 12:00:39 UTC 2009


#10360: $_REQUEST's slashes may differ from $_GET/$_POST
--------------------------+-------------------------------------------------
 Reporter:  dd32          |       Owner:  ryan            
     Type:  defect (bug)  |      Status:  new             
 Priority:  normal        |   Milestone:  2.8.3           
Component:  Security      |     Version:  2.8             
 Severity:  normal        |    Keywords:  has-patch commit
--------------------------+-------------------------------------------------

Comment(by hakre):

 +1 for removing slashes from _POST and _GET sothat - as dd32 makes bold -
 _POST and _GET can be replaced anytime with _REQUEST. Plus the point that
 "we all agree that relying upon slashed data in superglobals is bad." (is
 the wordpress maintainer part of that "we" or not?)

 The currrent patch does not reflect that, it just merges (slashes) _POST &
 _GET into _REQUEST and not the other way round (dd32 wrote about replacing
 _POST resp. _GET with _REQUEST and not the other way round).

 So I see no has-patch nor commit readyness.

 How can we get a valid statement from the maintainer on this issue?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10360#comment:29>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list