[wp-trac] [WordPress Trac] #17375: Serialized option values broken for classes with Serializable interface

WordPress Trac noreply at wordpress.org
Fri May 8 19:48:14 UTC 2015


#17375: Serialized option values broken for classes with Serializable interface
--------------------------------+--------------------------
 Reporter:  hakre               |       Owner:  markjaquith
     Type:  defect (bug)        |      Status:  reviewing
 Priority:  normal              |   Milestone:  4.3
Component:  Options, Meta APIs  |     Version:  2.0.5
 Severity:  normal              |  Resolution:
 Keywords:  close               |     Focuses:
--------------------------------+--------------------------

Comment (by channeleaton):

 Replying to [comment:35 nacin]:
 > Replying to [comment:15 nacin]:
 > > Any changes here need sign-off by the security team before continuing.
 >
 > I am almost positive we cannot make this change without directly adding
 > an arbitrary code execution vulnerability.
 >
 > = *DO NOT COMMIT UNDER ANY CIRCUMSTANCES.* =

 I'm just trying to understand what's going on with the change. Is it the
 regex that creates the vulnerability? If not, we're basically just adding
 another key by which `is_serialized()` will return true. If normal objects
 are already processed as true through this function, is the vulnerability
 not already present?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/17375#comment:36>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
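To make the distinction raised in the comment concrete, here is an added example (my own code, not WordPress core's is_serialized() and not part of this ticket): a minimal prefix-based check in the spirit of is_serialized(), the "C:" representation a Serializable class produces, and the unserialize() allowed_classes restriction that actually decides whether an arbitrary class gets instantiated. The class LegacyBox, the function looks_serialized() and its $allow_custom parameter are hypothetical names chosen for the example.

```php
<?php
// Added example, not WordPress core code. Shows (1) that a Serializable class
// serializes to the "C:" form, (2) a prefix check that merely recognises the
// format without unserializing, and (3) where object instantiation happens.

class LegacyBox implements Serializable
{
    private $payload;

    public function __construct($payload = null) { $this->payload = $payload; }

    // Serializable::serialize() returns a string; PHP wraps it as C:len:"Class":len:{...}
    // (PHP 8.1+ emits a deprecation notice for Serializable without __serialize()).
    public function serialize() { return json_encode($this->payload); }

    public function unserialize($data) { $this->payload = json_decode($data, true); }

    public function payload() { return $this->payload; }
}

// Hypothetical prefix check. It never calls unserialize(), so by itself it
// cannot instantiate a class; $allow_custom decides whether the "C:" form is
// treated as serialized data at all.
function looks_serialized($data, $allow_custom = false)
{
    if (!is_string($data)) return false;
    $data = trim($data);
    if ($data === 'N;') return true;
    if (strlen($data) < 4 || $data[1] !== ':') return false;
    $last = substr($data, -1);
    switch ($data[0]) {
        case 's': return $last === ';' && substr($data, -2, 1) === '"';
        case 'a':
        case 'O': return $last === '}';
        case 'C': return $allow_custom && $last === '}';
        case 'b':
        case 'i':
        case 'd': return (bool) preg_match('/^[bid]:[0-9.E+-]+;$/', $data);
    }
    return false;
}

$plain  = serialize(['a' => 1]);                 // a:1:{s:1:"a";i:1;}
$custom = serialize(new LegacyBox(['a' => 1]));  // C:9:"LegacyBox":7:{{"a":1}}

var_dump(looks_serialized($plain));              // true
var_dump(looks_serialized($custom));             // false: "C:" not recognised
var_dump(looks_serialized($custom, true));       // true once "C:" is accepted

// The instantiation step is unserialize(), not the detection step. Restricting
// allowed classes (PHP 7.0+) turns any "O:" object from untrusted input into
// __PHP_Incomplete_Class instead of constructing the named class.
$object = serialize(new stdClass);               // O:8:"stdClass":0:{}
$restricted = unserialize($object, ['allowed_classes' => false]);
var_dump($restricted instanceof __PHP_Incomplete_Class); // true
```

The point for the question above: recognising an extra prefix only changes which strings are handed to unserialize(); whether that call can reach arbitrary classes is governed by unserialize() itself and by which classes are permitted when the input is untrusted.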
