15 Commits

Author SHA1 Message Date
Znote
1c3480f322 Fix paypal IPs, fix #467 2021-07-18 22:35:47 +02:00
Znote
6af276225f paypal IPN indentation fix 2021-07-18 22:34:17 +02:00
Evil Puncker
a00dbcfabd bye bye trailing whitespaces (#442) 2020-08-02 14:48:13 +02:00
Stefan A. Brannfjell
d7996c7d1d Update ipn.php 2020-02-19 13:57:54 +01:00
Stefan A. Brannfjell
febeb5e4e1 Update ipn.php 2020-01-10 18:51:47 +01:00
divinity76
4c3c2fab1f better $postdata encoding (#366)
idk what stripslashes() was doing in there, but it was definitely a bug (there's no way the slashes in there, if any, had no purpose and could just be discarded.. right?)

in addition, post data with keys containing special characters (if any) was incorrectly encoded. a correct encoding loop goes like:

foreach ($_POST as $key => $value) {
	$req.="&".urlencode($key)."=".urlencode($value);
}
but the original code was only encoding the value, not the key... but even better than a custom encoding loop is to just use http_build_query(), which does the entire encoding loop for us :) so that's what I changed it to.
2019-08-26 02:12:53 +02:00
divinity76
3c15ead4cf "no content OK" is HTTP 204, not HTTP 200. (#365)
read section 6.3.5 of https://tools.ietf.org/html/rfc7231#section-6.3.5 for proof.
2019-08-26 02:11:18 +02:00
slawkens
c0fe9e5d85 Enable local SSL certificate verification (#356)
This fixes points not being delivered on same systems.

Also set the CURLOPT_SSLVERSION as stated here https://www.php.net/manual/de/function.curl-setopt.php#118536
2019-04-13 01:06:46 +02:00
Stefan A. Brannfjell
f5bbc78101 ipn.php: Verify peer and host in SSL
Security issue reported by @slawkens

All wifi traffic is broadcasted - this means that any nearby sniffing devices can read your traffic. If you're connecting to a page through HTTP over public/unencrypted wifi you can assume that whatever information you are sending and receiving is public - all it takes is an attacker nearby with an antenna to read all that in plaintext. To perform a true MITM by having traffic flow through them, attackers can use technologies like WiFi pineapples or aircrack-ng to force users to connect to their wifi network.

Connecting over cable internet is much harder to intercept/mitm because you're not broadcasting your traffic for the whole neighborhood. In order to compromise this network an attacker will have to gain access to it somehow - either through physical access to a network port, malware installed on a host machine or router, etc. When an attacker has access to a network they then have to exploit that access through attacks such as ARP poisoning or HSRP spoofing. These attacks just MITM traffic - anyone on the network can still sniff (read, but not change) traffic, but keep in mind HTTPS traffic is still encrypted and can't be read.

https://security.stackexchange.com/questions/153148/how-easy-it-is-to-actually-perform-mitm-attack-these-days
2019-04-13 00:34:11 +02:00
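The two fixes described in the commits above (encoding the echoed IPN data with http_build_query() instead of a value-only urlencode() loop, and enabling peer and host verification plus an explicit TLS version and local CA bundle on the cURL call) can be seen together in the following added example. It is illustrative code written for this listing, not Znote AAC's own ipn.php; the function names build_verify_body() and verifying_curl_options(), the $ca_bundle parameter and the sample post data are assumptions, and the endpoint URL is PayPal's documented live IPN validation address rather than anything taken from the project.

```php
<?php
// Added example, not code from the Znote AAC repository.
// Assumed names: build_verify_body(), verifying_curl_options(), $ca_bundle.

/**
 * Build the body that is posted back to PayPal so it can confirm the IPN
 * really came from them. http_build_query() percent-encodes both keys and
 * values (PHP_QUERY_RFC1738 gives the same "+" for space form as urlencode()),
 * and it also flattens nested arrays as key[sub]=..., which a hand-written
 * loop that calls urlencode() only on the value gets wrong.
 */
function build_verify_body(array $post): string
{
    // "cmd=_notify-validate" is PayPal's validation command; the received
    // parameters follow it unchanged apart from encoding.
    return 'cmd=_notify-validate&' . http_build_query($post, '', '&', PHP_QUERY_RFC1738);
}

/**
 * cURL options for the verification call. The weak settings that the
 * "Verify peer and host in SSL" commit replaced are noted in the comments.
 */
function verifying_curl_options(string $url, string $body, ?string $ca_bundle = null): array
{
    $opts = [
        CURLOPT_URL            => $url,
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => $body,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADER         => false,
        // Weak: CURLOPT_SSL_VERIFYPEER => false accepts any certificate, so a
        // machine in the middle could answer "VERIFIED" for a forged IPN.
        CURLOPT_SSL_VERIFYPEER => true,
        // Weak: CURLOPT_SSL_VERIFYHOST => 0 skips the name check entirely;
        // 2 is the only value that checks the certificate matches the host.
        CURLOPT_SSL_VERIFYHOST => 2,
        // Require TLS 1.2 (current libcurl treats this as a minimum),
        // instead of letting the peer negotiate an obsolete SSL version.
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,
    ];
    if ($ca_bundle !== null) {
        // Point cURL at a local CA bundle when the system trust store is
        // missing or stale (the "Enable local SSL certificate verification" fix).
        $opts[CURLOPT_CAINFO] = $ca_bundle;
    }
    return $opts;
}

// Constructed sample IPN post; the last two entries need real encoding.
$sample_post = [
    'txn_id'         => 'CONSTRUCTED-TXN-1',
    'payment_status' => 'Completed',
    'custom'         => 'account=1&note=a b/c',
    'odd key'        => "it's",
];

$body = build_verify_body($sample_post);
echo $body, PHP_EOL;

$ch = curl_init();
// Live endpoint documented by PayPal; ipnpb.sandbox.paypal.com is the sandbox.
curl_setopt_array($ch, verifying_curl_options('https://ipnpb.paypal.com/cgi-bin/webscr', $body, null));
// Network call left commented out so the example runs offline:
// $response = curl_exec($ch);   // "VERIFIED" or "INVALID" from PayPal
// if ($response === false) {    // false means the request (e.g. the TLS
//     error_log('IPN verification failed: ' . curl_error($ch));  // check) failed
// }
curl_close($ch);
```

When the certificate check fails, curl_exec() returns false rather than a string, so the handler must treat false as "not verified" instead of comparing it loosely against "VERIFIED"; a cURL error at this point is the verification doing its job, not something to work around by turning CURLOPT_SSL_VERIFYPEER back off.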
Felipe Siqueira Pinheiro
6fa7d19cf1 Fixed ipn.php SQL Inserts, more precisely, the row 'id' from znote_paypal table (#268) 2017-01-18 12:13:04 +01:00
Znote
f7057feba1 Adding getValue and sanitize function to ipn.php so the validation functions actually work. 2015-04-09 23:56:19 +02:00
Mark Samman
48363b655a Increase security of ipn.php 2014-10-29 19:36:39 +01:00
Mark Samman
7a265593b8 Fix SQL injection in ipn.php 2014-10-29 19:35:19 +01:00
Stefan Brannfjell
11f90bcab8 Paypal revised, should work now. #2 2014-02-02 03:26:39 +01:00
Stefan Brannfjell
ba07284044 Importing Znote AAC 1.5_SVN rev 168 to github. 2013-08-28 23:44:46 +02:00