[wp-trac] [WordPress Trac] #59233: Improve error handling for unserialize()
WordPress Trac
noreply at wordpress.org
Mon Feb 26 22:05:21 UTC 2024
#59233: Improve error handling for unserialize()
-------------------------------+--------------------------------
Reporter: jrf | Owner: (none)
Type: task (blessed) | Status: new
Priority: normal | Milestone: 6.6
Component: General | Version:
Severity: normal | Resolution:
Keywords: php83 2nd-opinion | Focuses: php-compatibility
-------------------------------+--------------------------------
Comment (by azaozz):
> a critical look at `maybe_unserialize()` may be warranted as the new
warning in PHP is related to security issues discovered in other projects
+1. As a minimum thinking that the warnings from `unserialize()` should
not be silenced when WP is in development mode (see
https://developer.wordpress.org/reference/functions/wp_is_development_mode/).
Also thinking it makes sense to use `maybe_unserialize()` instead of
`unserialize()` in more places/as appropriate as an attempt to maintain
backwards compatibility (no warnings) in production in PHP 8.0+.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59233#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list