- it doesn't work if register_globals options is off (which is
a default in newer versions of PHP)
The wiki uses a number of non-standard options...
Actually, register_globals is the only thing you have to change in php.ini to get the wiki running.
- it is considered to be a security risk
Sure, if you use *uninitialized* global variables and assume they can only have trusted values. Don't do that. :)
Hopefully. I'm not that confident that either we don't do that, or that future coders won't do that, so I think avoiding the problem by coding so that register_globals isn't needed is a good idea.
My questions: a) is there any special reason it's being done this way in Wikipedia?
Force of habit.
Don't forget laziness. :-)
Sure, please send patches. $_GET / $_POST are ugly as heck, but it's theoretically a better coding practise.
In SearchEngine.php, I used $_REQUEST[], because I don't really care whether the variables come from a GET or a POST.