[wp-trac] Re: [WordPress Trac] #2591: users can enter dangerous
serialized strings
WordPress Trac
wp-trac at lists.automattic.com
Thu Oct 12 06:22:24 GMT 2006
#2591: users can enter dangerous serialized strings
---------------------------------+------------------------------------------
Reporter: random | Owner: markjaquith
Type: defect | Status: assigned
Priority: normal | Milestone: 2.1
Component: Security | Version: 2.0.2
Severity: normal | Resolution:
Keywords: serialize has-patch |
---------------------------------+------------------------------------------
Comment (by markjaquith):
Take 4 is up. Things to try:
Enter this into postmeta, an option field, an options.php field, or a
profile field:
{{{s:4:"test";}}}
It should stay the same. If you get {{{test}}} back out, that's a
problem.
Enter this into the same places:
{{{a:100000{}}}}
your server shouldn't crash, and you should get that same string back.
In both cases, the serialized data you tried to sneak in should appear in
the DB as that string re-serialized.
objects or arrays inserted by the system should look like like they did
before... serialized representations. plain text strings should also stay
the same. The only thing that gets treated specially is user-entered text
masquerading as a pre-serialized object.
--
Ticket URL: <http://trac.wordpress.org/ticket/2591#comment:22>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list