[wp-trac] Re: [WordPress Trac] #2591: users can enter dangerous serialized strings

WordPress Trac wp-trac at lists.automattic.com
Fri Mar 24 05:16:18 GMT 2006


#2591: users can enter dangerous serialized strings
-------------------------+--------------------------------------------------
       Id:  2591         |      Status:  assigned                
Component:  Security     |    Modified:  Fri Mar 24 05:16:18 2006
 Severity:  normal       |   Milestone:  2.1                     
 Priority:  normal       |     Version:  2.0.2                   
    Owner:  markjaquith  |    Reporter:  random                  
-------------------------+--------------------------------------------------
Changes (by markjaquith):

  * status:  new => assigned
  * owner:  anonymous => markjaquith

Comment:

 Okay, I kludged it and made it skip serialization on options.php

 Also, user options are now serialized on update, which is really the area
 where there is the most danger of a malicious attack (someone with a
 subscriber profile inserts a 1 million member array and crashes the
 server).

 I thought of other ways of avoiding double serialization... there are GPL
 is_serialized() functions floating around, but they'd likely leave
 openings for abuse, as well as cause a lot of extra cycles on option
 updates... so a kludge for /wp-admin/options.php might actually be the
 best way.  Thoughts?

-- 
Ticket URL: <http://trac.wordpress.org/ticket/2591>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
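The double-serialization and oversized-payload concern raised in the comment above, as an added example that is not code from the ticket or from WordPress: a Python walk over PHP's serialize() format that contrasts a shape-only is_serialized()-style prefix test with a structural check that caps declared element counts and nesting before anything is unserialized. The caps, names and the constructed inputs are assumptions.

```python
import re
MAX_ELEMENTS = 1000   # assumed caps, not WordPress's: total array entries
MAX_DEPTH = 8         # and levels of array nesting

def looks_serialized(value):
    """Shape-only prefix test, like the is_serialized() helpers the ticket mentions."""
    return re.match(r'(N;|[bid]:[^;]*;|s:\d+:"|[aO]:\d+:)', value) is not None

SCALAR = re.compile(r'N;|[bid]:[^;]*;')
STRING = re.compile(r's:(\d+):"')
ARRAY = re.compile(r'a:(\d+):\{')

def check_serialized(value, max_elements=MAX_ELEMENTS, max_depth=MAX_DEPTH):
    """Walk PHP serialize() output without materializing it; returns (ok, reason)."""
    pos, total = 0, 0

    def parse(depth):
        nonlocal pos, total
        if m := SCALAR.match(value, pos):       # N; b:1; i:42; d:1.5;
            pos = m.end()
        elif m := STRING.match(value, pos):     # s:<len>:"<bytes>";
            n, start = int(m.group(1)), m.end()
            if value[start + n:start + n + 2] != '";':
                return "string length mismatch"
            pos = start + n + 2
        elif m := ARRAY.match(value, pos):      # a:<count>:{key;value;...}
            if depth >= max_depth:
                return "arrays nested deeper than %d" % max_depth
            total += int(m.group(1))
            if total > max_elements:             # declared size checked before the walk
                return "declares more than %d elements" % max_elements
            pos = m.end()
            for _ in range(int(m.group(1))):
                err = parse(depth + 1) or parse(depth + 1)   # key, then value
                if err:
                    return err
            if value[pos:pos + 1] != "}":
                return "unterminated array"
            pos += 1
        elif value.startswith("O:", pos):
            return "objects are not allowed in options"
        else:
            return "malformed or unknown value at offset %d" % pos
        return None

    err = parse(0)
    if err:
        return False, err
    if pos != len(value):
        return False, "trailing data"
    return True, "ok"
```

The prefix test accepts `a:1000000:{}` as readily as a real two-element array; the structural check is what turns the declared size into a rejection.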

