[wp-hackers] 2 Questions: $_REQUEST equivalent and using GET in mod_rewrite
jacobsantos at branson.com
Tue Aug 28 17:09:02 GMT 2007
1. Using $_REQUEST is like asking hackers to pwn your site. "Yes, I want
you to hack me." Don't use it. The reason for WordPress using $_POST for
form data and $_GET for url data is the same reason register globals
is a terrible security risk. $_REQUEST is similar to using $_REQUEST and
you don't know if it is coming from the Server (HTTP), form, or url.
You must know, since you created the plugin, so find out and use the
correct super global. If you kept this and released it GPL, the first
thing I will do is convert it to the right super global.
2. Somewhat of a mystery. Along with wp-cron, this is complexity driven
by lack of proper documentation.
Jacob Santos
Alex Andrews wrote:
> Hey all
>
> I am developing a plugin for Wordpress for a Creative Commons etc
> based record company (plugin will be released under GPL when done).
> This is my first Wordpress plugin, so I need a bit of a helping hand.
> Without much further ado, two questions.
>
> 1.
> I have developed the plugin so far as an external PHP application,
> albeit one that require(s) all the appropriate Wordpress includes. Now
> I wish to integrate it into Wordpress. At the moment, I use $_REQUEST
> to parse user input and return things. Looking at the Codex, it seems
> that Wordpress has a more advanced way of doing this that sanitises the
> data. Can someone walk me through it?
>
> 2.
> More importantly, I want to use mod_rewrite to map onto this plugin. I
> know Wordpress can do this, but I am not sure how. Here is the schema
> I imagine, artists.php being replaced by the correct wordpress plugin
> hookup (some suggestion here might be helpful too)
>
> http://domain.com/artists/ -> launches the plugin - akin to
> http://domain.com/artists.php
> http://domain.com/artists/artistname/ ->
> http://domain.com/artists.php?artist_slug=artistname
> http://domain.com/artists/artistname/bio ->
> http://domain.com/artists.php?artist_slug=artistname&mode=bio
>
> These are the basic types. How do I go about doing this?
>
> Thanks very much indeed.
>
> Regards
>
> Alex
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
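An added example (not code from this thread and not WordPress's own API) of what the reply above recommends: the plugin's URL parameters from the rewrite scheme (artist_slug, mode) are read from $_GET only and its form data from $_POST only, never from $_REQUEST. The function names, the allowed "mode" values and the slug pattern are assumptions made for the illustration.

```php
<?php
// Added example for the wp-hackers thread above; not from the original post.
// Function names, the slug pattern and the mode allowlist are assumptions.

/**
 * Read the artist URL parameters from a GET-style array only.
 * The slug and mode come from the rewritten URL (/artists/<slug>/<mode>),
 * so $_GET is the only legitimate source for them.
 * Returns array('artist_slug' => string|null, 'mode' => string|null),
 * or false when a value is present but malformed.
 */
function artist_params_from_url(array $get) {
    $allowed_modes = array('bio', 'releases'); // constructed allowlist
    $slug = null;
    if (isset($get['artist_slug'])) {
        // Slugs are lowercase letters, digits and single hyphens; reject
        // anything else instead of trying to clean it up.
        if (!is_string($get['artist_slug'])
            || !preg_match('/^[a-z0-9]+(?:-[a-z0-9]+)*$/', $get['artist_slug'])) {
            return false;
        }
        $slug = $get['artist_slug'];
    }
    $mode = null;
    if (isset($get['mode'])) {
        if (!in_array($get['mode'], $allowed_modes, true)) {
            return false;
        }
        $mode = $get['mode'];
    }
    return array('artist_slug' => $slug, 'mode' => $mode);
}

/**
 * Form data (e.g. an edit of an artist's bio) is read from a POST-style
 * array only, so a value in the query string or a cookie cannot stand in
 * for the submitted form field.
 */
function artist_bio_from_form(array $post) {
    if (!isset($post['bio']) || !is_string($post['bio'])) {
        return false;
    }
    return trim($post['bio']);
}

// $_REQUEST is the merge of $_GET, $_POST and $_COOKIE in the order set by
// php.ini (variables_order / request_order), so code reading
// $_REQUEST['bio'] cannot tell which of them supplied the value.
$params = artist_params_from_url($_GET);  // e.g. /artists/artistname/bio
$bio = ($_SERVER['REQUEST_METHOD'] === 'POST') ? artist_bio_from_form($_POST) : false;
```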