[wp-trac] Re: [WordPress Trac] #2591: users can enter dangerous serialized strings

WordPress Trac wp-trac at lists.automattic.com
Thu Oct 12 06:22:24 GMT 2006


#2591: users can enter dangerous serialized strings
---------------------------------+------------------------------------------
 Reporter:  random               |        Owner:  markjaquith
     Type:  defect               |       Status:  assigned   
 Priority:  normal               |    Milestone:  2.1        
Component:  Security             |      Version:  2.0.2      
 Severity:  normal               |   Resolution:             
 Keywords:  serialize has-patch  |  
---------------------------------+------------------------------------------
Comment (by markjaquith):

 Take 4 is up.  Things to try:

 Enter this into postmeta, an option field, an options.php field, or a
 profile field:

 {{{s:4:"test";}}}

 It should stay the same.  If you get {{{test}}} back out, that's a
 problem.

 Enter this into the same places:

 {{{a:100000{}}}}

 Your server shouldn't crash, and you should get that same string back.

 In both cases, the serialized data you tried to sneak in should appear in
 the DB as that string re-serialized.

 Objects or arrays inserted by the system should look like they did
 before... serialized representations.  Plain text strings should also stay
 the same.  The only thing that gets treated specially is user-entered text
 masquerading as a pre-serialized object.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/2591#comment:22>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
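
The round trip the comment asks testers to check, as an added PHP example (not the patch attached to the ticket and not WordPress's own code). The function names and the loose prefix check are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress's own.

// Loose prefix test: anything the loader might hand to unserialize().
function looks_serialized($value): bool
{
    return is_string($value)
        && ($value === 'N;' || preg_match('/^[aOsbid]:/', $value) === 1);
}

// Before writing to the DB: serialize arrays/objects, and serialize once
// more any string that already looks serialized, so it stays a string.
function prepare_for_storage($value): string
{
    if (is_array($value) || is_object($value) || looks_serialized($value)) {
        return serialize($value);
    }
    return (string) $value;
}

// After reading from the DB: unserialize exactly one level.
function restore_from_storage(string $stored)
{
    if (!looks_serialized($stored)) {
        return $stored;
    }
    // allowed_classes=false: never instantiate classes named in stored data.
    $value = @unserialize($stored, ['allowed_classes' => false]);
    if ($value === false && $stored !== 'b:0;') {
        return $stored; // malformed payload: hand back the raw string
    }
    return $value;
}

// Constructed inputs: the two strings from the comment, a plain string,
// and an array as the system itself would store it.
$inputs = ['s:4:"test";', 'a:100000{}', 'plain text', ['k' => 'v']];
foreach ($inputs as $input) {
    $stored = prepare_for_storage($input);
    $back   = restore_from_storage($stored);
    printf("%-18s stored as %-24s %s\n", json_encode($input), $stored,
        $back === $input ? 'round-trip ok' : 'MISMATCH');
}
```

The store-side check has to match everything the load-side check matches; if the loader unserializes a pattern the writer did not wrap, user text can still come back as a different value.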

