Hacker News
by MichaelGG 4433 days ago
What's wrong with the if cookie check? Don't the following conditionals for the mode make sure they still cannot post, which is the point? And the rest of the code is still run so any other security checks are still performed.

extract is one of those moronic things though that only exists to create security holes and other bugs.

http://pl1.php.net/extract

OMG, it's horrible :D

Why there isn't a flashing red warning label at the very top of that page, I have no idea. This is one instance where I would actually sanction using the <blink> tag.
To be fair, there is a big red warning box further down that tells you using it with user-supplied data is a very bad idea, and there are flags available to prevent overwriting existing symbols.

None of which the 4chan code actually uses.

I've never seen the utility of extract -- it's the recommended way of getting WordPress plugin parameters, but to me, just using whatever array you're extracting from is always a better solution.
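
The overwrite behaviour and the flags discussed in this thread, as an added example (not part of the thread and not the 4chan code). The `$request` array, the `$is_admin` variable and the `handle_*` function names are hypothetical, constructed for illustration.

```php
<?php
// Constructed request data standing in for $_POST; 'is_admin' is a key the
// application never expected the client to send.
$request = ['name' => 'anon', 'comment' => 'hi', 'is_admin' => '1'];

// 1. Default extract() uses EXTR_OVERWRITE: a request key replaces a local
//    variable of the same name.
function handle_default(array $input): array {
    $is_admin = false;            // set by the application before the call
    extract($input);              // $is_admin is now '1'
    return ['is_admin' => $is_admin, 'name' => $name];
}

// 2. EXTR_SKIP leaves existing variables alone, but only those already defined
//    when extract() runs; a variable initialised later is still exposed.
function handle_skip(array $input): array {
    $is_admin = false;
    extract($input, EXTR_SKIP);
    return ['is_admin' => $is_admin, 'name' => $name];
}

// 3. EXTR_PREFIX_ALL puts every key under a prefix ($in_name, $in_is_admin),
//    so request data cannot collide with application variables.
function handle_prefix(array $input): array {
    $is_admin = false;
    extract($input, EXTR_PREFIX_ALL, 'in');
    return ['is_admin' => $is_admin, 'name' => $in_name];
}

// 4. No extract(): read only the expected keys straight from the array.
function handle_explicit(array $input): array {
    $is_admin = false;
    $allowed = ['name' => '', 'comment' => ''];   // expected keys with defaults
    $fields = array_intersect_key($input, $allowed) + $allowed;
    return ['is_admin' => $is_admin, 'name' => $fields['name']];
}

// Print what each handler ends up with for the same constructed input.
foreach (['handle_default', 'handle_skip', 'handle_prefix', 'handle_explicit'] as $fn) {
    printf("%-16s is_admin=%s\n", $fn, var_export($fn($request)['is_admin'], true));
}
```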