Hi,
I have a question about Wikipedia code. I noticed that the way it
accesses GET/POST variables from URL is by using global variables. There
are two problems with that:
- it doesn't work if register_globals options is off (which is a default
in newer versions of PHP)
- it is considered to be a security risk
(http://www.php.net/manual/en/configuration.directives.php#ini.register-globals,
http://www.php.net/manual/en/security.registerglobals.php)
The fix for those problems is very simple: for each variable passed
through GET/POST add the code like this:
$title = $HTTP_GET_VARS['title'];
My questions:
a) is there any special reason it's being done this way in Wikipedia?
b) any chance it can be changed? If yes, what can I do to help make this
happen (I can write the code, test it and submit a patch)
Thanks,
Krzysztof Kowalczyk
I have a question about Wikipedia code. I noticed that the way it
accesses GET/POST variables from URL is by using global variables. There
are two problems with that:
- it doesn't work if register_globals options is off (which is a default
in newer versions of PHP)
- it is considered to be a security risk
(http://www.php.net/manual/en/configuration.directives.php#ini.register-globals,
http://www.php.net/manual/en/security.registerglobals.php)
The fix for those problems is very simple: for each variable passed
through GET/POST add the code like this:
$title = $HTTP_GET_VARS['title'];
My questions:
a) is there any special reason it's being done this way in Wikipedia?
b) any chance it can be changed? If yes, what can I do to help make this
happen (I can write the code, test it and submit a patch)
Thanks,
Krzysztof Kowalczyk