[wp-trac] Re: [WordPress Trac] #2591: users can enter dangerous
serialized strings
WordPress Trac
wp-trac at lists.automattic.com
Fri Mar 24 03:53:38 GMT 2006
#2591: users can enter dangerous serialized strings
-----------------------+----------------------------------------------------
Id: 2591 | Status: new
Component: Security | Modified: Fri Mar 24 03:53:38 2006
Severity: normal | Milestone: 2.1
Priority: normal | Version: 2.0.2
Owner: anonymous | Reporter: random
-----------------------+----------------------------------------------------
Comment (by markjaquith):
As long as plugins are using the API, it should be fine. I can think of
one place in WP where the API is not used (direct query in
wp-settings.php:123), but it just checks that there is a value; it doesn't
use the value itself.

As for upgrading of existing strings, couldn't we just let it happen
naturally? We'd still be passing stuff through the "maybe unserialize"
function, so it'd just get upgraded whenever it was updated.
--
Ticket URL: <http://trac.wordpress.org/ticket/2591>
WordPress Trac <http://wordpress.org/>
WordPress blogging software