Use request stack service for super globals $_POST

Created on 2 April 2020, over 4 years ago
Updated 13 December 2023, about 1 year ago

Raw $_GET and $_POST variables should never be accessed and used directly because they pose a risk of SQL injection, or other potential forms of exploitation using carefully crafted URLs and GET/POST parameters. The request service provides a security layer to help sanitize and ensure that these variables are safe to use.

Regardless of whether or not this is deemed a security issue in this particular case, it goes against Drupal coding standards and best practices. When using PHPCS to lint code against Drupal standards, this error message is produced:

The $_POST super global must not be accessed directly; inject the request_stack service and use $stack->getCurrentRequest()->request->get('g-recaptcha-response') instead.

All modules should comply with the Drupal coding standards, especially when it comes to potential security issues, to minimize vulnerabilities in the platform.

📌 Task
Status

Fixed

Version

3.0

Component

General

Created by

🇮🇳India swatichouhan012

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Production build 0.71.5 2024