André Schieleit wrote:
3. modifying the code of the form to accommodate the spurious
input that
is received as this WordPress-as-a-CMS 'side effect'
I found a solution to get the data generated by the form. It is indeed
just a simple foreach() loop:
foreach($_POST as $key=>$element)
{
${$key}=$element;
}
Robin's suggestion is excellent, you really should reference posted form
fields using the $_POST['elementname'] syntax.
Going through the entire $_POST array and re-registering global
variables that have just been explicitly unset is a very bad idea.
That's effectively undoing everything that `register_globals off'[1] and
wp_unregister_GLOBALS()[2] do(for POST variables).
As an aside, while checking this over I noticed that requests like
/blog/index.php?GLOBALS=Injected are supposed to be wp_die()'d with
'GLOBALS overwrite detected' on line 8 of wp-settings.php, but wp_die()
isn't included until later in the same file. Opened trac ticket #3357[3]
1: http://www.php.net/register_globals
2: http://trac.wordpress.org/browser/trunk/wp-settings.php#L3
3: http://trac.wordpress.org/ticket/3357
Alan J Castonguay
_______________________________________________
wp-hackers mailing list
wp-hackers@xxxxxxxxxxxxxxxxxxxx
http://lists.automattic.com/mailman/listinfo/wp-hackers
|
|
