[wp-trac] [WordPress Trac] #11509: sanitize_user_object() throws fatal error on user property objects
WordPress Trac
wp-trac at lists.automattic.com
Sun Dec 20 00:17:33 UTC 2009
#11509: sanitize_user_object() throws fatal error on user property objects
--------------------------+-------------------------------------------------
Reporter: filosofo | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.9.1
Component: Users | Version: 2.9
Severity: normal | Keywords: sanitize_user_object has-patch
--------------------------+-------------------------------------------------
Comment(by hakre):
Replying to [comment:5 filosofo]:
> Replying to [comment:4 hakre]:
> > is_object() does not unserialize a value. It will return false. It will only return true on real (not serialized) objects.
>
> But in the case I mentioned the "object" is unserialized as an {{{__PHP_Incomplete_Class}}} object. It's not just a string of serialized data.
Ah okay, I was not aware of that. I guess that's a nice case which shows
where usage makes sense with user options. I suggest to base64_encode
serialized values to protect their integrity within WordPress.
Replying to [comment:6 filosofo]:
> hakre, your patch has a typo: "retirm"
Thanks for reporting, fixed.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11509#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software