[wp-trac] [WordPress Trac] #17375: Serialized option values broken for classes with Serializable interface
WordPress Trac
noreply at wordpress.org
Fri May 8 19:48:14 UTC 2015
#17375: Serialized option values broken for classes with Serializable interface
--------------------------------+--------------------------
Reporter: hakre | Owner: markjaquith
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone: 4.3
Component: Options, Meta APIs | Version: 2.0.5
Severity: normal | Resolution:
Keywords: close | Focuses:
--------------------------------+--------------------------
Comment (by channeleaton):
Replying to [comment:35 nacin]:
> Replying to [comment:15 nacin]:
> > Any changes here need sign-off by the security team before continuing.
>
> I am almost positive we cannot make this change without directly adding
> an arbitrary code execution vulnerability.
>
> = *DO NOT COMMIT UNDER ANY CIRCUMSTANCES.* =
I'm just trying to understand what's going on with the change. Is it the
regex that creates the vulnerability? If not, we're basically just adding
another key by which `is_serialized()` will return true. If normal objects
are already processed as true through this function, is the vulnerability
not already present?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/17375#comment:36>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
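The distinction the comment asks about, as an added PHP illustration that is not code from WordPress core or from any commenter on the ticket: `looks_serialized()` is a hypothetical stand-in for a prefix check in the spirit of `is_serialized()`, `safe_unserialize()` is a hypothetical wrapper, and every sample string is constructed. The point it makes is that recognising the `C:` token only changes what is *detected* as serialized; whether decoding it is dangerous depends on what `unserialize()` is allowed to instantiate.

```php
<?php
// Added illustration, not WordPress core code. `looks_serialized()` is a
// hypothetical stand-in for a prefix check like is_serialized(): it answers
// "does this string look like PHP serialization output?" and nothing more.
// The two object tokens the ticket discusses:
//   O:  ordinary object    -> unserialize() may run __wakeup()/__destruct()
//   C:  Serializable class -> unserialize() calls Class::unserialize($payload)
function looks_serialized(string $data, bool $accept_custom_objects = false): bool {
    if ($data === 'N;') {
        return true;
    }
    if (strlen($data) < 4 || $data[1] !== ':') {
        return false;
    }
    switch ($data[0]) {
        case 's': case 'a': case 'i': case 'd': case 'b':
            return (bool) preg_match('/[;}]$/', $data);
        case 'O':
            return (bool) preg_match('/^O:\d+:"[^"]*":\d+:\{/', $data);
        case 'C':
            // Accepting the C: token widens detection only; the risk lives in
            // what unserialize() is later permitted to instantiate.
            return $accept_custom_objects
                && (bool) preg_match('/^C:\d+:"[^"]*":\d+:\{/', $data);
    }
    return false;
}

// Defensive decode for untrusted input (PHP >= 7.0): with allowed_classes
// set to false no class is instantiated, so an O: payload comes back as
// __PHP_Incomplete_Class and no __wakeup() or custom unserialize() runs.
function safe_unserialize(string $data) {
    return unserialize($data, ['allowed_classes' => false]);
}

// Constructed sample inputs (SomeClass is a placeholder name).
$samples = [
    'plain string'               => 'hello',
    'array'                      => 'a:1:{s:3:"key";s:5:"value";}',
    'ordinary object (O:)'       => 'O:8:"stdClass":1:{s:1:"x";i:1;}',
    'Serializable object (C:)'   => 'C:9:"SomeClass":0:{}',
];
foreach ($samples as $label => $s) {
    printf("%-26s default=%s with_C=%s\n", $label,
        var_export(looks_serialized($s), true),
        var_export(looks_serialized($s, true), true));
}

// Decoding the O: sample without ever instantiating stdClass.
$obj = safe_unserialize($samples['ordinary object (O:)']);
echo get_class($obj), "\n";   // __PHP_Incomplete_Class
```

Run as `php example.php`. The `C:` sample is detected only when the second argument is true, while the `O:` sample is detected either way; neither detection result by itself says anything about whether the decoded payload is safe, which is why the `allowed_classes` restriction belongs wherever untrusted strings are actually passed to `unserialize()`.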