André Schieleit wrote:
3. modifying the code of the form to accommodate the spurious
input thatI found a solution to get the data generated by the form. It is indeed
just a simple foreach() loop:
is received as this WordPress-as-a-CMS 'side effect'
foreach($_POST as $key=>$element)
Robin's suggestion is excellent, you really should reference posted form
fields using the $_POST['elementname'] syntax.
Going through the entire $_POST array and re-registering global
variables that have just been explicitly unset is a very bad idea.
That's effectively undoing everything that `register_globals off' and
wp_unregister_GLOBALS() do(for POST variables).
As an aside, while checking this over I noticed that requests like
/blog/index.php?GLOBALS=Injected are supposed to be wp_die()'d with
'GLOBALS overwrite detected' on line 8 of wp-settings.php, but wp_die()
isn't included until later in the same file. Opened trac ticket #3357
Alan J Castonguay
wp-hackers mailing list