[wp-hackers] Embedding forms in Wordpress

Alan J Castonguay alan at verselogic.net
Sun Nov 12 19:47:24 GMT 2006

André Schieleit wrote:
>>     3. modifying the code of the form to accommodate the spurious 
>> input that
>>        is received as this WordPress-as-a-CMS 'side effect'
> I found a solution to get the data generated by the form. It is indeed 
> just a simple foreach() loop:
> foreach($_POST as $key=>$element)
> {
>     ${$key}=$element;
> }

Robin's suggestion is excellent, you really should reference posted form 
fields using the $_POST['elementname'] syntax.

Going through the entire $_POST array and re-registering global 
variables that have just been explicitly unset is a very bad idea. 
That's effectively undoing everything that `register_globals off'[1] and 
wp_unregister_GLOBALS()[2] do(for POST variables).

As an aside, while checking this over I noticed that requests like 
/blog/index.php?GLOBALS=Injected are supposed to be wp_die()'d with 
'GLOBALS overwrite detected' on line 8 of wp-settings.php, but wp_die() 
isn't included until later in the same file. Opened trac ticket #3357[3]

1: http://www.php.net/register_globals
2: http://trac.wordpress.org/browser/trunk/wp-settings.php#L3
3: http://trac.wordpress.org/ticket/3357

Alan J Castonguay

More information about the wp-hackers mailing list