[wp-trac] [WordPress Trac] #52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does not handle null byte
WordPress Trac
noreply at wordpress.org
Wed Oct 4 08:36:17 UTC 2023
#52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does
not handle null byte
-------------------------------------------------+-------------------------
 Reporter:  bitcomplex                           |      Owner:  (none)
     Type:  defect (bug)                         |     Status:  new
 Priority:  normal                               |  Milestone:  Awaiting Review
Component:  Posts, Post Types                    |    Version:  5.6.2
 Severity:  normal                               | Resolution:
 Keywords:  has-patch has-unit-tests             |    Focuses:
            needs-testing changes-requested      |
-------------------------------------------------+-------------------------
Comment (by bitcomplex):
Replying to [comment:18 costdev]:
> While there's room for improvement in handling cases such as
> `(object) (array) $object`, can you clarify who "you" refers to in each
> of these so that it's clear to myself and others?
>
> 1. [you] serialize objects and [you] later change the visibility of a
> property in the class the object belongs to

1. WordPress serializes objects and a 3rd party later changes the visibility
of a property in the class the object belongs to

> 2. [you've] decided that it is a good idea to store serialized objects

2. WordPress developers have decided that it is a good idea to store
serialized objects

> 3. [you] should also handle changes of classes in a way that does not
> cause fatals

3. WordPress developers should also handle changes of classes in a way
that does not cause fatals. (This does not absolve 3rd party developers from
not following WP-guidelines. But not following guidelines should not cause
fatals).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52738#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform