[TYPO3-dev] Bug/Feature request for t3lib_div::_GP (and alike)

Franz Koch typo.removeformessage at fx-graefix.de
Fri Jun 6 12:13:44 CEST 2008


Hey guys,

recently I had a problem with TS conditions. In the condition I checked 
for a GPvar of an extension that is transmitted over $_GET. Everything 
worked fine so far, until I was submitting a form of the same 
extension, additionally submitting some vars over $_POST. When 
submitting the form, the condition failed.

After having a look at the source I finally found the bug in 
t3lib_div::_GP() (and similar). All those t3lib_div-methods dealing 
with GPvars use a construct like this:

--------
$value = isset($_POST[$var]) ? $_POST[$var] : $_GET[$var];
--------

So if you have any _POST var from your extension, but would like to 
check against a _GET var from the same extension, you will always fail.

Wouldn't it be much wiser to do something like this?
--------
$value = t3lib_div::GParrayMerged($var);
--------

so you really get ALL your extension/key related values? I'm just 
curious why it's been done how it's done. For me this clearly is a bug 
and I don't see any security or other issues with it because _POST is 
overruling _GET in the merged array. What do you guys think?

-- 
kind regards,
Franz Koch
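
The behaviour described in the message above, as an added example that is not part of the original post and not TYPO3's own code: `gpLookup()` is a stand-in for the quoted construct, and `gpMerged()` is a stand-in for a merged lookup with POST overruling GET. The extension key `tx_myext`, the field names and the request data are constructed for illustration.

```php
<?php
// Constructed request: the URL carries the record id, the form POSTs other
// fields under the same extension key. Key and field names are hypothetical.
$get  = ['tx_myext' => ['showUid' => '42', 'sort' => 'asc']];
$post = ['tx_myext' => ['name' => 'Franz', 'sort' => 'desc']];

// Stand-in for the construct quoted in the post: POST wins per top-level key.
function gpLookup(string $var, array $get, array $post)
{
    return isset($post[$var]) ? $post[$var] : ($get[$var] ?? null);
}

// Recursive merge in which values from $overrule replace those in $base.
function mergeOverrule(array $base, array $overrule): array
{
    foreach ($overrule as $key => $value) {
        if (is_array($value) && isset($base[$key]) && is_array($base[$key])) {
            $base[$key] = mergeOverrule($base[$key], $value);
        } else {
            $base[$key] = $value;
        }
    }
    return $base;
}

// Stand-in for a merged lookup: GET is the base, POST overrules it.
function gpMerged(string $var, array $get, array $post): array
{
    $g = isset($get[$var]) && is_array($get[$var]) ? $get[$var] : [];
    $p = isset($post[$var]) && is_array($post[$var]) ? $post[$var] : [];
    return mergeOverrule($g, $p);
}

$plain  = gpLookup('tx_myext', $get, $post);
$merged = gpMerged('tx_myext', $get, $post);

// The POST array shadows the whole GET array, so the GET-only key is missing.
var_dump(isset($plain['showUid']));
// The merged array keeps the GET-only key and the POST-only key.
var_dump($merged['showUid'], $merged['name']);
// Where both sources set the same key, the POST value is the one returned.
var_dump($merged['sort']);
```

Because the merged array keeps GET-supplied keys that the POST body did not set, code that needs to know a value arrived in the POST body has to read `$_POST` directly.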



