[wp-hackers] 2 Questions: $_REQUEST equivalent and using GET in mod_rewrite
Alex Günsche
ag.ml2007 at zirona.com
Tue Aug 28 18:26:04 GMT 2007
On Tue, 2007-08-28 at 12:09 -0500, jacobsantos at branson.com wrote:
> 1. Using $_REQUEST is like asking hackers to pwn your site. "Yes, I want
> you to hack me" Don't use it. The reason for WordPress using $_POST for
> form data and $_GET for url data is for the same reason register globals
> is a terrible security risk. $_REQUEST is similar to using $_REQUEST and
> you don't know if it is coming from the Server (HTTP), form, or url.
Sorry, but this is complete nonsense. $_REQUEST simply merges $_GET,
$_POST and $_COOKIE. http://de.php.net/reserved.variables
Regards,
Alex
--
Alex Günsche, Zirona OpenSource-Consulting
Blogs: http://www.zirona.com/ | http://www.regularimpressions.net
PubKey for this address: http://www.zirona.com/misc/ag.ml2007.asc
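
The merge described in the reply above, as an added example that is not part of the thread: a PHP model of how $_REQUEST is filled from $_GET, $_POST and $_COOKIE, plus a check for keys that arrive from more than one source. The function names and sample arrays are constructed for illustration; the order string stands for PHP's request_order setting (variables_order when request_order is unset).

```php
<?php
// Added illustration, not code from the thread.
// PHP registers the sources named in the order string from left to right,
// and a later source overwrites an earlier one when keys collide.
function merge_request(array $get, array $post, array $cookie, string $order): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace preserves keys and lets the later source win
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// List every key supplied by more than one source, so a handler can log or
// reject requests in which the origin of a value is ambiguous.
function ambiguous_keys(array $get, array $post, array $cookie): array
{
    $seen = [];
    foreach (['GET' => $get, 'POST' => $post, 'COOKIE' => $cookie] as $name => $src) {
        foreach (array_keys($src) as $key) {
            $seen[$key][] = $name;
        }
    }
    return array_filter($seen, function ($names) {
        return count($names) > 1;
    });
}

// Constructed sample request: the same keys arrive through several channels.
$get    = ['action' => 'view', 'id' => '7'];
$post   = ['action' => 'delete'];
$cookie = ['id' => '99', 'session' => 'abc'];

// Cookies left out of the merge versus cookies merged last.
print_r(merge_request($get, $post, $cookie, 'GP'));
print_r(merge_request($get, $post, $cookie, 'GPC'));

// Keys whose origin cannot be told from the merged array alone.
print_r(ambiguous_keys($get, $post, $cookie));
```

A handler that reads the specific superglobal it expects ($_POST for form data, $_GET for URL data) is unaffected by the order string.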