[!!!][TASK] Avoid $_GET / $_POST safety net

Resolves: TYPO3-Documentation/Changelog-To-Doc#1453
Releases: main

Author: linawolf

Documentation/ApiOverview/RequestLifeCycle/Middlewares.rst

@@ -66,6 +66,18 @@ TYPO3 has implemented the PSR-15 approach in the following way:
 
 #.  This response is passed back to the execution flow.
 
+..  versionchanged:: 14.0
+
+    Middlewares must not rely on the PHP superglobals `$_GET` / `$_POST`
+    (and legacy `$HTTP_GET_VARS` / :php:`$HTTP_POST_VARS`) being synchronized
+    with the PSR-7 request. TYPO3 no longer resets these globals from request data.
+
+    Also note that :php:`$GLOBALS['TYPO3_REQUEST']` is a compatibility layer and
+    may not be available in all middleware positions (it is set later in the
+    application flow). Always use the PSR-7 request
+    (:php:`\Psr\Http\Message\ServerRequestInterface`) passed into
+    `process()` and pass it explicitly to services that need it.
+
 ..  index:: Request handling; Middleware
 ..  _request-handling-middlewares:
 

Documentation/ApiOverview/RequestLifeCycle/Typo3Request.rst

@@ -171,6 +171,16 @@ If a request is needed initialize one as described in
 Last resort: global variable
 ----------------------------
 
+..  versionchanged:: 14.0
+
+    The global request variable is a compatibility layer and is no longer
+    guaranteed to be available in all execution contexts. In particular,
+    it may not be set yet in early PSR-15 middlewares.
+
+    Always prefer the PSR-7 request object passed explicitly to the current
+    execution context.
+
+
 TYPO3 provides the request object also in the global variable
 :php:`$GLOBALS['TYPO3_REQUEST']`. Whenever it is possible the request should be
 retrieved within the contexts described above. But this is not always possible