WordPress.org

Make WordPress Core

Opened 12 years ago

Closed 12 years ago

#11015 closed enhancement (wontfix)

Admin Ajax actions should pass relevant global variables

Reported by: filosofo Owned by: ryan
Milestone: Priority: normal
Severity: normal Version: 2.9
Component: JavaScript Keywords: admin-ajax has-patch
Focuses: Cc:

Description

The wp_ajax_* action hooks should pass the global $_REQUEST variable so that callbacks can reduce the number of global objects they have to be aware of and so that they can get the data in a state prior to being modified by anything else.

Attachments (1)

pass_request_vars.11015.diff (566 bytes) - added by filosofo 12 years ago.

Download all attachments as: .zip

Change History (5)

#1 @filosofo
12 years ago

  • Milestone changed from 3.0 to 2.9

Why not 2.9. It's simple and there are no backwards-compatibility issues. :-)

#2 follow-up: @azaozz
12 years ago

-1. Don't see the benefit in doing this. If you have a function that accepts data from different contexts, you would always want to filter what comes from $_REQUEST.

#3 in reply to: ↑ 2 @filosofo
12 years ago

Replying to azaozz:

-1. Don't see the benefit in doing this.

The benefit is

  • You don't have to access global objects in your callback
  • You can be agnostic about whether the "action" is from POST or GET.
  • Testing is more straightforward.
  • There's no harm.

This helps avoid having to check whether "action" is set in POST or GET, and it allows code reuse: I can use the same callback in different places.

#4 @westi
12 years ago

  • Milestone 2.9 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Strong -1

It should be obvious inside a function when you are accessing a superglobal.

Passing $_REQUEST as a argument hides the use of the superglobal in the function.

That makes it much easier to audit code and identify where user supplied data is/isnt being trusted.

Note: See TracTickets for help on using tickets.