[wp-trac] [WordPress Trac] #64599: Harden handling of PHP superglobals to prevent notices and potential data integrity issues
WordPress Trac
noreply at wordpress.org
Wed Feb 11 05:42:07 UTC 2026
#64599: Harden handling of PHP superglobals to prevent notices and potential data
integrity issues
-----------------------------------------+--------------------------
Reporter: vishalkakadiya | Owner: westonruter
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 7.0
Component: Site Health | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch changes-requested | Focuses:
-----------------------------------------+--------------------------
Comment (by vishalkakadiya):
@johnbillion Thanks for the question.
While `$_SERVER['REQUEST_TIME']` is typically available in standard web
server setups, it isn’t guaranteed across all environments. In particular,
certain FastCGI/FPM configurations, proxied requests, CLI contexts (e.g.,
WP-CLI, cron, unit tests), or hardened server setups may not define it.
Since WordPress runs in a wide range of execution contexts, relying on
`$_SERVER['REQUEST_TIME']` without an existence check can potentially lead
to undefined index notices in edge cases.
This change is intended as a small defensive hardening measure to ensure
safer access to superglobals and improve robustness across diverse
environments.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64599#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list