On Wed, 30 Apr 2003, Krzysztof Kowalczyk wrote:
I have a question about Wikipedia code. I noticed that the way it accesses GET/POST variables from URL is by using global variables. There are two problems with that:
- it doesn't work if register_globals options is off (which is a default
in newer versions of PHP)
The wiki uses a number of non-standard options...
- it is considered to be a security risk
Sure, if you use *uninitialized* global variables and assume they can only have trusted values. Don't do that. :)
My questions: a) is there any special reason it's being done this way in Wikipedia?
Force of habit.
b) any chance it can be changed? If yes, what can I do to help make this happen (I can write the code, test it and submit a patch)
Sure, please send patches. $_GET / $_POST are ugly as heck, but it's theoretically a better coding practise.
Keep in mind that a few things might work by either GET or POST (searches; some legit bots).
-- brion vibber (brion @ pobox.com)