[wp-trac] Re: [WordPress Trac] #2591: users can enter dangerous
serialized strings
WordPress Trac
wp-trac at lists.automattic.com
Fri Mar 24 04:48:04 GMT 2006
#2591: users can enter dangerous serialized strings
-----------------------+----------------------------------------------------
Id: 2591 | Status: new
Component: Security | Modified: Fri Mar 24 04:48:04 2006
Severity: normal | Milestone: 2.1
Priority: normal | Version: 2.0.2
Owner: anonymous | Reporter: random
-----------------------+----------------------------------------------------
Comment (by markjaquith):
I'm testing out the uploaded patch on a local SVN test install. It
serializes in update_option() and add_option() in every case (not just
object and array).
Problem: using the secret "options.php" page will destroy your options
table. The serialized strings are re-serialized, and serialized arrays
are serialized as a string. We'll have to make a special case for this
page, and skip serialization.
--
Ticket URL: <http://trac.wordpress.org/ticket/2591>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
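The re-serialization problem described in the comment above, as an added PHP example that is not part of the original message and is not WordPress code. The `demo_*` functions and the in-memory `$table` are hypothetical stand-ins for the option functions and the options table, and the sample values are constructed.

```php
<?php
// Added illustration. demo_* names and $table are hypothetical,
// not WordPress functions or its options schema.

$table = [];   // stands in for the options table: name => stored text

// Behaviour the comment describes for the patch: serialize every value,
// not just objects and arrays.
function demo_update_option(array &$table, string $name, $value): void {
    $table[$name] = serialize($value);
}

function demo_get_option(array $table, string $name) {
    // allowed_classes => false stops unserialize() from instantiating objects.
    return unserialize($table[$name], ['allowed_classes' => false]);
}

// A raw editing form: it displays the stored text of each row and posts
// that text back as an ordinary string.
function demo_raw_form_save(array &$table, bool $skip_serialization): void {
    foreach ($table as $name => $stored_text) {
        if ($skip_serialization) {
            $table[$name] = $stored_text;                     // special case: write back as-is
        } else {
            demo_update_option($table, $name, $stored_text);  // serializes a second time
        }
    }
}

// 1. User-entered text that looks like serialized data (constructed sample).
//    Check: does it come back unchanged, as a plain string?
$user_input = 'a:1:{s:5:"admin";b:1;}';
demo_update_option($table, 'user_field', $user_input);
var_dump(demo_get_option($table, 'user_field') === $user_input);

// 2. A legitimate array option, saved once more through the raw form.
//    Check: is the option still an array afterwards?
demo_update_option($table, 'widget', ['cols' => 2]);
demo_raw_form_save($table, false);
var_dump(is_array(demo_get_option($table, 'widget')));

// 3. Same starting point, but the raw form skips serialization.
$table = [];
demo_update_option($table, 'widget', ['cols' => 2]);
demo_raw_form_save($table, true);
var_dump(is_array(demo_get_option($table, 'widget')));
```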