PressForward / pressforward

PressForward is a free plugin that provides an editorial workflow for content aggregation and curation within the WordPress dashboard. It is designed for bloggers and editorial teams who wish to collect, discuss, and share content from a variety of sources on the open web.
GNU Affero General Public License v3.0

Stop interfering with $_POST superglobal #1144

Open boonebgorges opened 1 year ago

boonebgorges commented 1 year ago

There are many places in the codebase where we modify what's in $_POST. This is a bad practice that can have unpredictable side effects. Instead, we should get content out of $_POST as needed, and in cases where we need to modify params submitted in the POST body, we should parse them into a local variable.

boonebgorges commented 1 year ago

This mostly happens in the NominateThisEndpoint class, because it then calls nominate_it(), and the latter method is built to look at the superglobal. The business logic should be abstracted into its own method so that we can avoid the $_POST overwriting. But I don't fully understand the nomination endpoint, other than to understand that it's intended for use with the Chrome extension. As such, I'm going to set this task aside for some future round of development.
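The refactor this issue asks for, sketched as an added example that is not part of the thread and is not PressForward's code: the first pair of functions overwrites `$_POST` so that a callee reading the superglobal sees adjusted values, and the second parses the request into a local array and passes it explicitly. All function names, the `post_title` and `item_link` keys, and the sample request are hypothetical; inside WordPress the parsing step would normally use `wp_unslash()` and `sanitize_text_field()` rather than the plain PHP calls used here so the script runs on its own.

```php
<?php
// Constructed sample standing in for a submitted POST body.
$_POST = array(
    'post_title' => '  Example <b>title</b> ',
    'item_link'  => 'https://example.org/article',
    'unexpected' => 'ignored by the refactored path',
);

// Before (hypothetical): business logic reads the superglobal directly...
function legacy_nominate() {
    return array( 'title' => $_POST['post_title'], 'link' => $_POST['item_link'] );
}

// ...so the endpoint has to rewrite $_POST first. Every later reader of
// $_POST in the same request now sees the modified value.
function legacy_endpoint() {
    $_POST['post_title'] = trim( strip_tags( $_POST['post_title'] ) );
    return legacy_nominate();
}

// After (hypothetical): parse once into a local array. Only known keys are
// kept, each is validated, and the superglobal is never written to.
function parse_nomination_params( array $raw ) {
    $defaults = array( 'post_title' => '', 'item_link' => '' );
    $params   = array_merge( $defaults, array_intersect_key( $raw, $defaults ) );

    $title = is_string( $params['post_title'] ) ? $params['post_title'] : '';
    $link  = is_string( $params['item_link'] ) ? $params['item_link'] : '';

    return array(
        'post_title' => trim( strip_tags( $title ) ),
        'item_link'  => filter_var( $link, FILTER_VALIDATE_URL ) ? $link : '',
    );
}

// Business logic takes its input as an argument, so it can be called from
// an endpoint, a test, or a CLI command without touching request state.
function nominate( array $params ) {
    return array( 'title' => $params['post_title'], 'link' => $params['item_link'] );
}

function endpoint() {
    return nominate( parse_nomination_params( $_POST ) );
}

$snapshot = $_POST;
$result   = endpoint();
var_dump( $result );
var_dump( $_POST === $snapshot ); // compares the superglobal before and after the call
```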