[wp-hackers] 2 Questions: $_REQUEST equivalent and using GET in mod_rewrite

Alex Günsche ag.ml2007 at zirona.com
Tue Aug 28 18:26:04 GMT 2007


On Tue, 2007-08-28 at 12:09 -0500, jacobsantos at branson.com wrote:
> 1. Using $_REQUEST is like asking hackers to pwn your site. "Yes, I want 
> you to hack me." Don't use it. The reason for WordPress using $_POST for 
> form data and $_GET for url data is for the same reason register globals 
> is a terrible security risk. $_REQUEST is similar to using $_REQUEST and 
> you don't know if it is coming from the Server (HTTP), form, or url.

Sorry, but this is complete nonsense. $_REQUEST simply merges $_GET,
$_POST and $_COOKIE. http://de.php.net/reserved.variables

Regards,
Alex



-- 
Alex Günsche, Zirona OpenSource-Consulting
Blogs: http://www.zirona.com/ | http://www.regularimpressions.net
PubKey for this address: http://www.zirona.com/misc/ag.ml2007.asc
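
Added example, not part of either message above: a PHP sketch of the merge described in the reply, showing which source wins when the same key arrives by URL, form and cookie. build_request() is a hypothetical helper and the input arrays are constructed; the order strings follow the G/P/C letters of PHP's request_order and variables_order ini directives.

```php
<?php
// Added illustration: models how PHP assembles $_REQUEST from the other
// superglobals. build_request() is a hypothetical helper, not a PHP API.

/**
 * Merge sources left to right in the given order string (letters G, P, C),
 * the way the request_order / variables_order ini directives are read:
 * a later source overwrites an earlier one on a key collision.
 */
function build_request(array $get, array $post, array $cookie, string $order): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged  = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys and lets the later source win
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Constructed sample input: the same key arrives through three channels.
$get    = ['action' => 'view',   'id' => '7'];
$post   = ['action' => 'delete'];
$cookie = ['action' => 'export', 'session' => 'abc'];

// Compare a cookie-last order, a cookie-free order and a cookie-first order.
foreach (['GPC', 'GP', 'CGP'] as $order) {
    $request = build_request($get, $post, $cookie, $order);
    printf("%-3s => action=%s (keys: %s)\n",
        $order, $request['action'], implode(',', array_keys($request)));
}

// A handler that must only act on submitted form data reads the explicit
// source; the merged array cannot say which channel supplied the value.
$action = $post['action'] ?? null;   // stands in for $_POST['action']
var_dump($action === 'delete');
```

With a cookie-last order the cookie value replaces the form value, which is why code that cares where a parameter came from reads $_GET, $_POST or $_COOKIE directly.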