[wp-trac] Re: [WordPress Trac] #2591: users can enter dangerous serialized strings

WordPress Trac wp-trac at lists.automattic.com
Thu Mar 23 19:31:54 GMT 2006

#2591: users can enter dangerous serialized strings
       Id:  2591       |      Status:  new                     
Component:  Security   |    Modified:  Thu Mar 23 19:31:54 2006
 Severity:  normal     |   Milestone:  2.1                     
 Priority:  normal     |     Version:  2.0.2                   
    Owner:  anonymous  |    Reporter:  random                  
Comment (by skeltoac):

 random's suggestion is one I've also proposed. The counter-argument was
 that it would make it difficult for non-PHP scripts to make use of string
 data in our options tables.

 I think it's pretty trivial to parse a PHP serialized string, so we
 shouldn't worry about non-PHP programs integrating with our options
 tables. Serializing every option is fine by me.

Ticket URL: <http://trac.wordpress.org/ticket/2591>
WordPress Trac <http://wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list