[wp-trac] [WordPress Trac] #53295: Serialized data should be handled as an opaque value
WordPress Trac
noreply at wordpress.org
Sat Jun 5 13:25:57 UTC 2021
#53295: Serialized data should be handled as an opaque value
-----------------------------+------------------------------
Reporter: whitewinterwolf | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-----------------------------+------------------------------
Comment (by siliconforks):
Replying to [comment:11 whitewinterwolf]:
> This is the safest and cleanest way to do it, and makes WordPress
compatible with third-party tools (current WordPress code breaks third-
party security software, thus endangering WordPress installations).
Ultimately, the problem is that supporting such third-party tools requires
changing the serialization format recognized by WordPress, and I don't
think it is possible to do that without introducing a new vulnerability.
This is why "[https://core.trac.wordpress.org/ticket/17375#comment:37
`is_serialized` is frozen in time]".
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53295#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list