It appears, from IRC conversation yesterday, that there are a few other places where WordPress relies on register_globals. So I’m on a bit of a quest. And it’s a decent introduction to PHP, because the code is pretty good, but with enough room for improvement that there’s something useful that I can do.

The reason that I dislike register_globals, by the way, is twofold. One, it leads to code that is intrinsically harder to understand. Variables spring into existence with no warning, and nobody immediately knows where they came from. Second, it is potentially insecure, with malicious strangers creating variables in your namespace without your knowledge. I’m not aware of any actual exploit using this, but it just seems unpleasant.