[wp-trac] Re: [WordPress Trac] #2591: users can enter dangerous serialized strings
WordPress Trac
wp-trac at lists.automattic.com
Fri Mar 24 11:43:50 GMT 2006
#2591: users can enter dangerous serialized strings
-------------------------+--------------------------------------------------
       Id:  2591         |      Status:  assigned
Component:  Security     |    Modified:  Fri Mar 24 11:43:50 2006
 Severity:  normal       |   Milestone:  2.1
 Priority:  normal       |     Version:  2.0.2
    Owner:  markjaquith  |    Reporter:  random
-------------------------+--------------------------------------------------
Comment (by markjaquith):

First stab at {{{is_serialized()}}} and associated code. Noticed that a
lot of the object/array serialization stuff was duplicated, so I made and
used a new function {{{prepare_data()}}}.

I also made {{{maybe_unserialize()}}} first check {{{is_serialized()}}}
because it should be faster to run the small grep than do the
unserialization... because most options are not serialized.

Post meta that is serialized is simply not shown to the user.

On options.php, serialized data is marked as such, and the value is not
editable.
--
Ticket URL: <http://trac.wordpress.org/ticket/2591>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
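
An added PHP sketch of the approach the comment above describes: a cheap pattern test that runs before any unserialization, and a form field that marks serialized values and makes them non-editable. It is not part of the original message and is not WordPress's actual code. The `example_` function names and the sample option values are hypothetical, and the `allowed_classes` option assumes PHP 7.0 or later.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress's code.

// Cheap structural test: does the string look like PHP serialize() output?
// Deliberately conservative: anything it misses is treated as a plain string.
function example_looks_serialized($data): bool {
    if (!is_string($data)) {
        return false;
    }
    $data = trim($data);
    if ($data === 'N;') {
        return true; // serialized null
    }
    // Type tag, colon, then a payload ending in ';' (scalars) or '}' (array/object).
    return (bool) preg_match('/^(?:[bid]:[0-9.E+-]+;|s:\d+:".*";|[aO]:\d+:.*\})$/s', $data);
}

// Only unserialize when the cheap test passes, and never instantiate objects.
function example_maybe_unserialize($value) {
    if (!example_looks_serialized($value)) {
        return $value; // common case: plain string, no parsing attempted
    }
    $raw = trim($value);
    $out = @unserialize($raw, ['allowed_classes' => false]);
    // unserialize() returns false on failure; 'b:0;' is the one valid input that also yields false.
    return ($out === false && $raw !== 'b:0;') ? $value : $out;
}

// Admin-form rendering: serialized values are labelled and cannot be edited.
function example_option_field(string $name, string $stored): string {
    $n = htmlspecialchars($name, ENT_QUOTES);
    $v = htmlspecialchars($stored, ENT_QUOTES);
    if (example_looks_serialized($stored)) {
        return sprintf('<input name="%s" value="%s" disabled> (serialized data)', $n, $v);
    }
    return sprintf('<input name="%s" value="%s">', $n, $v);
}

// Constructed sample values: a plain option, a serialized array, and a near miss.
$samples = ['blogname' => 'My Blog', 'widgets' => serialize(['a' => 1]), 'note' => 'a:b'];
foreach ($samples as $key => $stored) {
    echo example_option_field($key, $stored), "\n";
    var_dump(example_maybe_unserialize($stored));
}
```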