[wp-trac] [WordPress Trac] #18007: is_serialized trouble for multibytes encoding
WordPress Trac
wp-trac at lists.automattic.com
Wed Jul 6 16:51:53 UTC 2011
#18007: is_serialized trouble for multibytes encoding
--------------------------+-----------------------------
Reporter: challet | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Charset | Version: 3.2
Severity: normal | Keywords:
--------------------------+-----------------------------
Possible bug in the ''is_serialized'' function, in a multibytes
environment :
== Context ==
* ''utf-8'' encoded database fields
* auto overlaoding singlebyte functions from conf (see
http://www.php.net/manual/en/mbstring.overload.php)
Retrieving an option from the database, the ''get_option'' function try to
deserialize it.
== Bug scenario ==
* the ''strlen'' call is actually a ''mb_strlen'' one
* the ''$length'' var is the number of characters (not bytes)
* using {{{ $data[$length-1] }}} don't retrieve the last char but one
before, it's actual position is undefined, depending on the other content
of the string
* this ''$lastc'' is not '';'' or ''}''
* the string is understood has not serialized
== Patch proposal ==
here is a fix i made to make it work with multibytes string :
Not tested it for single bytes, but there is no reason for it to not work.
{{{
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -256,7 +256,7 @@ function is_serialized( $data ) {
return false;
if ( ':' !== $data[1] )
return false;
- $lastc = $data[$length-1];
+ $lastc = substr($data, -1);
if ( ';' !== $lastc && '}' !== $lastc )
return false;
$token = $data[0];
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18007>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list