[wp-trac] Re: [WordPress Trac] #2591: users can enter dangerous serialized strings

WordPress Trac wp-trac at lists.automattic.com
Mon Sep 4 13:41:30 GMT 2006

#2591: users can enter dangerous serialized strings
 Reporter:  random     |        Owner:  markjaquith
     Type:  defect     |       Status:  assigned   
 Priority:  normal     |    Milestone:  2.1        
Component:  Security   |      Version:  2.0.2      
 Severity:  normal     |   Resolution:             
 Keywords:  serialize  |  
Comment (by elronxenu):

 This is basically a data escaping problem. The requirement is to reliably
 return the same data which was put into the database, whether a scalar or
 a complex object.

 The solution is to prefix all complex objects with a '*', and to prefix
 all scalar strings which begin with a '*' or a '$' with a '$'. That way,
 "$fred" becomes "$$fred" and "*fred" becomes "$*fred" but an object which
 is serialized looks something like "*a:5000:{}".

 When processing data read from the database, if a string begins with "*"
 then deserialize it, and if it begins with "$" then strip the leading "$".

 (You can choose less common characters than '*' and '$', I just used them
 to illustrate the concept).

Ticket URL: <http://trac.wordpress.org/ticket/2591>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
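The tagging scheme from the comment above, worked through as an added example (not code from the ticket or from WordPress). It assumes the same two tag characters the comment proposes, uses `json.dumps`/`json.loads` as a stand-in for PHP's `serialize()`/`unserialize()`, and tags non-string scalars as well so their type survives the round trip (a choice beyond what the comment specifies). A constructed `naive_decode` shows the behaviour the scheme replaces: deciding by content whether a stored value is serialized, which lets a user-entered string that merely looks serialized be deserialized.

```python
import json
from typing import Any

# Tag characters exactly as proposed in the comment; any two uncommon
# characters work as long as the reader and writer agree on them.
OBJECT_PREFIX = "*"   # marks a serialized structure
ESCAPE_PREFIX = "$"   # marks a plain string whose first character is a tag


def encode_for_storage(value: Any) -> str:
    """Tag a value so the reader can always tell data from serialized structure."""
    if isinstance(value, str):
        # A plain string that happens to start with '*' or '$' gets a '$' in
        # front, so "$fred" -> "$$fred" and "*fred" -> "$*fred".
        if value[:1] in (OBJECT_PREFIX, ESCAPE_PREFIX):
            return ESCAPE_PREFIX + value
        return value
    # Anything else (lists, dicts, and, as an assumption here, non-string
    # scalars) is serialized and tagged. json.dumps stands in for serialize().
    return OBJECT_PREFIX + json.dumps(value)


def decode_from_storage(stored: str) -> Any:
    """Invert encode_for_storage. Only '*'-tagged rows are ever deserialized."""
    if stored.startswith(OBJECT_PREFIX):
        return json.loads(stored[1:])
    if stored.startswith(ESCAPE_PREFIX):
        return stored[1:]
    return stored


def naive_decode(stored: str) -> Any:
    """Constructed 'guess from content' decoder: deserialize whatever parses.

    With no tag, a plain string supplied by a user is indistinguishable from
    serialized data, which is the defect the ticket describes.
    """
    try:
        return json.loads(stored)
    except ValueError:
        return stored


def roundtrip(value: Any) -> Any:
    """Store and read back a value; the scheme guarantees this is the identity."""
    return decode_from_storage(encode_for_storage(value))


if __name__ == "__main__":
    # Constructed sample values, including a user string that looks serialized.
    user_string = '{"role": "administrator"}'
    for v in ["fred", "$fred", "*fred", "", {"a": 1}, [1, "*x"], user_string]:
        print(repr(v), "->", repr(encode_for_storage(v)), "->", repr(roundtrip(v)))
    print("naive decoder turns the user string into:", repr(naive_decode(user_string)))
    print("tagged decoder keeps it as:", repr(decode_from_storage(user_string)))
```

The important property is that the decoder never inspects the content of an untagged row: a value that was stored as a plain string is returned as that string no matter what it contains, while a structure is only rebuilt from a row that the writer explicitly tagged.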
