After an update of a WordPress installation (2.8.5 to 2.9.1), I noticed that one of the plugins,
A couple of teacups later I figured out what was causing the issue. In the old wp-settings.php
file there was this line of code forcing $_REQUEST
to be $_GET
+ $_POST
:
$_REQUEST = array_merge($_GET, $_POST);
In the old version it was closer to the beginning of the file, on line 51, but somewhere between versions 2.8.5 and 2.9.1 it was moved to line 637. Right after this part:
$_GET = add_magic_quotes($_GET ); $_POST = add_magic_quotes($_POST ); $_COOKIE = add_magic_quotes($_COOKIE); $_SERVER = add_magic_quotes($_SERVER);
Stray Quotes uses $_REQUEST
to process submitted data. There we go.
I’m sure the folks at WordPress had their reasons for such a change (that’s why I’m calling it an “issue” and not a “problem”), it’s just that I can’t help wondering how many plugins (or even parts of the core) were affected by it. Last week, I was setting up a
Now, I reckon you want a solution… Sorry to disappoint you, but I can’t give you one. Not a quick one, at least.
What about writing to support guys, you’re probably asking yourself now? Don’t. I really doubt that this change can (or should, for that matter) be reversed in future versions of WordPress. Like I said, there must have been a reason for it.
So I’d say the best thing you can do is to figure out which plugins among those installed on your system(s) are affected, and contact their developers with either the information on the issue or, if you can, an implementation of the fix. And wait for updates.
Just please don’t go hack the core!
Leave a Reply