Lack of interest Direct superglobal access

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
K

Kirby

Well-known member
There are a few locations where XenForo directly accesses $_POST/$_GET:
  • \XF\Spam\AbstractChecker::logSpamTrigger()
  • \XF\Payment\PayPal::setupCallback()
  • \XF\Payment\TwoCheckout::getLogData()
  • \XF\Http\Error::getRequestDataForExceptionLog()
  • \XF\Mvc\Controller::assertValidPage()
  • \XF\Pub\Controller\Report::actionClosed()
This is problematic in integration scenarios, it would therefore be great if access could be routed through XF\Http\Request instead.
 
Upvote 0
This suggestion has been closed. Votes are no longer accepted.
It looks like the places we do this are explicitly because we want either $_GET or $_POST but not both and the Request object doesn't attempt to separate them, as it stands.

It's not really clear what "integration scenarios" means so without additional context this seems to be a suggestion, rather than a bug and with a clearer case set out it may be something we can consider in the future.
 

Similar threads

zoldos
  • Question Question
XF 2.3 How do I secure uploaded content from being directly accessed on the web?
Replies
12
Views
204
zoldos
zoldos
Alpha1
  • Question Question
Cannot access offset of type string on string src/XF/Mvc/Renderer/Html.php:167
Replies
5
Views
62
Jeremy P
Jeremy P
cdub
  • Question Question
XF 2.3 Accidentally mass messaged 1,500 users and forgot to select "Leave direct message and accept future responses"
Replies
2
Views
52
cdub
cdub
mcatze
  • Solved
XF 2.3 ErrorException: [E_WARNING] Trying to access array offset on false in src/XF/Install/Upgrader.php at line 119
Replies
2
Views
56
mcatze
mcatze
vbresults
  • Suggestion Suggestion
Make custom field display value into templates with data access
Replies
0
Views
26
vbresults
vbresults
Back
Top Bottom