[wp-trac] [WordPress Trac] #19617: Use maybe_unserialize() for HTTP requests
WordPress Trac
wp-trac at lists.automattic.com
Mon Dec 19 20:32:23 UTC 2011
#19617: Use maybe_unserialize() for HTTP requests
------------------------------+-----------------
Reporter: nacin | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.4
Component: Warnings/Notices | Version:
Severity: normal | Keywords:
------------------------------+-----------------
In a few cases, we use this convention: `unserialize(
wp_remote_retrieve_body( $response ) )`. When the request fails,
unserialize() gets an empty string, and that's no good.
I see this one every so often: Notice: unserialize(): Error at offset 0 of
11 bytes in /Users/nacin/Sites/beta/wp-includes/update.php on line 288
These are all of the unserialize() calls in core. Let's move all of them
to maybe_unserialize() unless there is a good reason to keep them at
unserialize() —
{{{
./wp-admin/includes/dashboard.php:1250: $response = unserialize(
wp_remote_retrieve_body( $response ) );
./wp-admin/includes/plugin-install.php:48: $res =
unserialize( wp_remote_retrieve_body( $request ) );
./wp-admin/includes/theme.php:413: $res =
unserialize( wp_remote_retrieve_body( $request ) );
./wp-admin/includes/upgrade.php:1090: if (
!@unserialize( $value ) )
./wp-admin/includes/upgrade.php:1242: if (
!@unserialize( $value ) )
./wp-admin/includes/upgrade.php:1406: @ $kellogs = unserialize($option);
./wp-includes/ms-functions.php:848: $meta =
unserialize($signup->meta);
./wp-includes/update.php:188: $response = unserialize(
wp_remote_retrieve_body( $raw_response ) );
./wp-includes/update.php:288: $response = unserialize(
wp_remote_retrieve_body( $raw_response ) );
./wp-includes/user.php:886: $b_roles =
unserialize($caps_meta);
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19617>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list