Hello Community,
I suggest that we try to clean up the handling of request parameters for CMSimple_XH 1.7. As it is now, many request parameters can be passed in a query string ($_GET) or as form fields ($_POST). IMO that is a bad practice (at least it's still slightly better than using $_REQUEST), because it is tempting to confuse GET and POST requests, which have a clear semantic distinction (see RFC 7231, section 4.2), but even worse, they make it easier for attackers to do harm (or at least annoying things), because it is easier to trick somebody with a link than with a form.
Christoph
XH 1.7: stricter distinction between $_GET and $_POST
Christoph M. Becker – Plugins for CMSimple_XH
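
A sketch of the stricter handling proposed in the post above, as an added example that is not part of the original post and is not CMSimple_XH code. The helper names, the `action` parameter and its values are hypothetical; real code would pass `$_SERVER['REQUEST_METHOD']`, `$_GET` and `$_POST`.

```php
<?php
// Added illustration; all function and parameter names are hypothetical.

/** Lenient lookup: the value may come from a form field or the query string. */
function param_lenient(string $name, array $get, array $post): ?string
{
    $value = $post[$name] ?? $get[$name] ?? null;
    return is_string($value) ? $value : null;
}

/** Strict lookup: only the array matching the request method is consulted. */
function param_strict(string $name, string $method, array $get, array $post): ?string
{
    if ($method === 'GET' || $method === 'HEAD') {
        $source = $get;   // safe methods (RFC 7231, section 4.2.1)
    } elseif ($method === 'POST') {
        $source = $post;  // request body only, never the query string
    } else {
        return null;
    }
    $value = $source[$name] ?? null;
    return is_string($value) ? $value : null;
}

/** State-changing actions are honoured only when they arrive via POST. */
function requested_action(string $method, array $get, array $post): ?string
{
    $stateChanging = ['delete', 'save']; // hypothetical action names
    $action = param_strict('action', $method, $get, $post);
    if ($action !== null && $method !== 'POST' && in_array($action, $stateChanging, true)) {
        return null; // a followed link must not change state
    }
    return $action;
}

// Constructed requests: a followed link versus a submitted form.
$requests = [
    'link' => ['GET',  ['action' => 'delete', 'page' => 'News'], []],
    'form' => ['POST', ['page' => 'News'], ['action' => 'delete']],
];
foreach ($requests as $label => [$method, $get, $post]) {
    printf(
        "%s: lenient=%s strict=%s\n",
        $label,
        var_export(param_lenient('action', $get, $post), true),
        var_export(requested_action($method, $get, $post), true)
    );
}
```

The method check only separates links from forms; a state-changing POST handler still needs a CSRF token, since a third-party page can submit a form as well.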