[wp-trac] [WordPress Trac] #18007: is_serialized trouble for multibytes encoding

WordPress Trac wp-trac at lists.automattic.com
Wed Jul 6 16:51:53 UTC 2011


#18007: is_serialized trouble for multibytes encoding
--------------------------+-----------------------------
 Reporter:  challet       |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Charset       |    Version:  3.2
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 Possible bug in the ''is_serialized'' function, in a multibytes
 environment :

 == Context ==

 * ''utf-8'' encoded database fields
 * auto overlaoding singlebyte functions from conf (see
 http://www.php.net/manual/en/mbstring.overload.php)

 Retrieving an option from the database, the ''get_option'' function try to
 deserialize it.

 == Bug scenario ==
  * the ''strlen'' call is actually a ''mb_strlen'' one
  * the ''$length'' var is the number of characters (not bytes)
  * using {{{ $data[$length-1] }}} don't retrieve the last char but one
 before, it's actual position is undefined, depending on the other content
 of the string
  * this ''$lastc'' is not '';'' or ''}''
  * the string is understood has not serialized

 == Patch proposal ==

 here is a fix i made to make it work with multibytes string :
 Not tested it for single bytes, but there is no reason for it to not work.
 {{{
 --- a/wp-includes/functions.php
 +++ b/wp-includes/functions.php
 @@ -256,7 +256,7 @@ function is_serialized( $data ) {
                 return false;
         if ( ':' !== $data[1] )
                 return false;
 -       $lastc = $data[$length-1];
 +       $lastc = substr($data, -1);
         if ( ';' !== $lastc && '}' !== $lastc )
                 return false;
         $token = $data[0];
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/18007>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list