[wp-trac] Re: [WordPress Trac] #2591: users can enter dangerous serialized strings

WordPress Trac wp-trac at lists.automattic.com
Fri Mar 24 08:02:53 GMT 2006

#2591: users can enter dangerous serialized strings
       Id:  2591         |      Status:  assigned                
Component:  Security     |    Modified:  Fri Mar 24 08:02:53 2006
 Severity:  normal       |   Milestone:  2.1                     
 Priority:  normal       |     Version:  2.0.2                   
    Owner:  markjaquith  |    Reporter:  random                  
Comment (by random):

 There's a serialize call in delete_usermeta() as well as
 update_usermeta(), and let's not forget postmeta.

 Speaking of postmeta, changeset:3656 added querying by meta_value, so
 that'd need changing too. (Speaking of which, is querying going to be a
 problem elsewhere?)

 For options.php, we could unserialize and gettype() the result,
 reserialize if necessary for display, but add a hidden

 <input type="hidden" name="type[$option_name]" value="array" />
 field (or similar) to keep track of what's already serialized when the
 data gets sent back.

Ticket URL: <http://trac.wordpress.org/ticket/2591>
WordPress Trac <http://wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list