[wp-trac] [WordPress Trac] #45895: maybe_unserialize: handle exceptions thrown during unserialization
WordPress Trac
noreply at wordpress.org
Thu Jan 10 01:19:02 UTC 2019
#45895: maybe_unserialize: handle exceptions thrown during unserialization
--------------------------+--------------------------------------
Reporter: bluefuton | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Keywords: has-patch has-unit-tests
Focuses: |
--------------------------+--------------------------------------
In PHP 7.2+, it's possible for `unserialize()` to fail with an uncaught
exception when handed a serialized SimpleXMLElement object, like this:
{{{
$input = 'O:16:"SimpleXMLElement":0:{}';
$output = null;
try {
$output = @unserialize( $input );
} catch ( Exception $e ) {
var_dump( $e );
}
var_dump( $output );
}}}
The `maybe_unserialize()` function does not currently include any
exception handling.
The attached patch handles the scenario where `unserialize()` throws an
exception, and also adds unit tests for `maybe_unserialize()`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45895>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list