[wp-trac] [WordPress Trac] #12930: Unserialize error?
WordPress Trac
wp-trac at lists.automattic.com
Sun Apr 11 17:00:12 UTC 2010
#12930: Unserialize error?
-----------------------------------+----------------------------------------
Reporter: ipstenu | Owner:
Type: defect (bug) | Status: reopened
Priority: high | Milestone: 3.0
Component: General | Version:
Severity: major | Resolution:
Keywords: 3.0-beta, unserialize |
-----------------------------------+----------------------------------------
Comment(by nacin):
We're looking into this. It comes out of a change to maybe_serialize() in
r13673, which for a long while serialized already serialized data, and now
no longer does. We'll probably revert this.
Bottom line is, '''plugin developers are using the _option, _meta, and
_transient APIs ''horribly incorrectly'' for this change to cause
problems.'''
These APIs already serialize and unserialize objects and arrays
transparently. Thus, this works:
{{{
update_option( 'my_plugin_options', array( 'blah', 'foo', bar' ) );
get_option( 'my_update_plugins' ); // returns the array
}}}
Instead, far too many are doing this:
{{{
update_option( 'my_plugin_options', serialize( array( 'blah', 'foo', bar'
) ) );
unserialize( get_option( 'my_update_plugins' ) );
}}}
More or less, that means that you're serializing the data, then
update_option is serializing serialized data, then get_option is
unserializing it once, and unserialize is unserializing it again. r13673
breaks this, as update_option doesn't serialize the data a second time any
more, causing the plugin's unserialize() to attempt to perform a second
unserialize() on data that was only serialized once.
I will revert the changes in r13673. But please, update your plugins,
spread the word.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12930#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list