[wp-trac] Re: [WordPress Trac] #2591: users can enter dangerous
serialized strings
WordPress Trac
wp-trac at lists.automattic.com
Fri Oct 13 02:25:14 GMT 2006
#2591: users can enter dangerous serialized strings
---------------------------------+------------------------------------------
Reporter: random | Owner: markjaquith
Type: defect | Status: closed
Priority: normal | Milestone: 2.0.5
Component: Security | Version: 2.0.2
Severity: normal | Resolution: fixed
Keywords: serialize has-patch |
---------------------------------+------------------------------------------
Comment (by markjaquith):
Would appreciate if people would test this out thoroughly, on test
installs.
Make sure that a serialized string doesn't come out as the string it
represents. Make sure that slashes are appropriately added or stripped.
Make sure your options, usermeta, and postmeta are not corrupted, using
the built-in functions.
One thing I've found, this makes saving your options.php page MUCH faster
because it's not churning through those feed arrays.
--
Ticket URL: <http://trac.wordpress.org/ticket/2591#comment:27>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list