[wp-trac] [WordPress Trac] #56832: update_post_meta / get_post_meta data corruption in serialization
WordPress Trac
noreply at wordpress.org
Sat Oct 15 21:18:35 UTC 2022
#56832: update_post_meta / get_post_meta data corruption in serialization
--------------------------------+------------------------
Reporter: loopy255 | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Options, Meta APIs | Version:
Severity: normal | Resolution: duplicate
Keywords: | Focuses:
--------------------------------+------------------------
Comment (by loopy255):
Here's updated example that uses properly wp_slash before storing it:
{{{#!php
<?php
$_SERVER["HTTP_HOST"] = "localhost";
require "/usr/share/webapps/wordpress/wp-load.php";
function custom_serialization($data) {
return json_encode($data);
}
function custom_deserialization($data) {
return is_string($data) ? json_decode($data) : '(failed to
deserialize)';
}
$postId = 666;
$key = "test";
$data = wp_slash("[\\ \\ \\ \\&] \\'");
printf("Builtin-serialization\n");
printf("-------------------------\n");
printf("Stored: %s\n", $data);
update_post_meta($postId, $key, $data);
$retrieved = get_post_meta($postId, $key);
printf("Retrieved: %s\n", var_export($retrieved, true));
printf("Equals: %s\n", var_export($data === $retrieved, true));
printf("\n");
printf("Custom-serialization\n");
printf("-------------------------\n");
$data = wp_slash(custom_serialization($data));
printf("Stored: %s\n", $data);
update_post_meta($postId, $key, $data);
$retrieved = get_post_meta($postId, $key);
printf("Retrieved: %s\n", var_export($retrieved, true));
printf("Deserialized: %s\n",
var_export(custom_deserialization($retrieved), true));
printf("Equals: %s\n", var_export($data === $retrieved, true));
}}}
Output:
{{{
Builtin-serialization
-------------------------
Stored: [\\ \\ \\ \\&] \\\'
Retrieved: array (
0 => '[\\ \\ \\ \\&] \\\'',
)
Equals: false
Custom-serialization
-------------------------
Stored: \"[\\\\\\\\ \\\\\\\\ \\\\\\\\ \\\\\\\\&] \\\\\\\\\\\\\'\"
Retrieved: array (
0 => '"[\\\\\\\\ \\\\\\\\ \\\\\\\\ \\\\\\\\&] \\\\\\\\\\\\\'"',
)
Deserialized: '(failed to deserialize)'
Equals: false
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56832#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list