[wp-trac] Re: [WordPress Trac] #4029: maybe_serialize() can do double-serialize

WordPress Trac wp-trac at lists.automattic.com
Mon Mar 26 06:23:25 GMT 2007


#4029: maybe_serialize() can do double-serialize
------------------------------------+---------------------------------------
 Reporter:  takayukister            |        Owner:  anonymous
     Type:  defect                  |       Status:  closed   
 Priority:  normal                  |    Milestone:           
Component:  General                 |      Version:  2.2      
 Severity:  major                   |   Resolution:  invalid  
 Keywords:  has-patch dev-feedback  |  
------------------------------------+---------------------------------------
Changes (by markjaquith):

  * status:  reopened => closed
  * resolution:  => invalid
  * milestone:  2.2 =>

Comment:

 Intentional.  Ensures that input == output (using
 {{{maybe_unserialize()}}}).  Otherwise, as masquerade pointed out, you can
 enter a serialized array into a string input and get an array as the
 output.  There were documented server-crash scenarios from this.

 The other solution was serializing everything, but this makes the options
 and meta tables really unfriendly.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4029#comment:9>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list