[wp-hackers] 2 Questions: $_REQUEST equivalent and using GET in mod_rewrite

jacobsantos at branson.com jacobsantos at branson.com
Tue Aug 28 17:09:02 GMT 2007

1. Using $_REQUEST is like asking hackers to pwn your site. "Yes, I want 
you to hack me" Don't use it. The reason for WordPress using $_POST for 
form data and $_GET for url data is for the same reason register globals 
is terrible security risk. $_REQUEST is similar to using $_REQUEST and 
you don't know if it is coming from the Server (HTTP), form, or url.

You must know since you created the plugin, so find out and use the 
correct super global. If you kept this and released it GPL, the first 
thing I will do is convert it to the right super global.

2. Somewhat of a mystery. Along with wp-cron, this is complexity driven 
by lack of proper documentation.

Jacob Santos

Alex Andrews wrote:
> Hey all
> I am developing a plugin for Wordpress for a Creative Commons etc
> based record company (plugin will be released under GPL when done).
> This is my first Wordpress plugin, so I need a bit of a helping hand.
> Without much further ado, two questions.
> 1.
> I have developed the plugin so far as an external PHP application,
> albeit one that require(s) all the appropriate Wordpress includes. Now
> I wish to intergrate it into Wordpress. At the moment, I use $_REQUEST
> to parse user input and return things. Looking at the Codex, it seems
> that Wordpress has a more advanced way of doing this that santises the
> data. Can someone walk me through it?
> 2.
> More importantly, I want to use mod_rewrite to map onto this plugin. I
> know Wordpress can do this, but I am not sure how. Here is the schema
> I imagine, artists.php being replaced by the correct wordpress plugin
> hookup (some suggestion here might be helpful two)
> http://domain.com/artists/ -> launches the plugin - akin to
> http://domain.com/artists.php
> http://domain.com/artists/artistname/ ->
> http://domain.com/artists.php?artist_slug=artistname
> http://domain.com/artists/artistname/bio ->
> http://domain.com/artists.php?artist_slug=artistname&mode=bio
> These are the basic types. How do I go about doing this?
> Thanks very much indeed.
> Regards
> Alex
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list