maybe_serialize() allows corrupted data? | WordPress.org

Peter Butler
(@peterebutler)

14 years, 9 months ago

I ran into an issue recently where a plugin which stored all of its values in a serialized array in a single option blew up on me, which nearly caused the loss of lots of precious info. It looks like someone managed to get a single quote into a field stored by this plugin (it stores various user info), and the whole thing went down in flames.

I recognize that the plugin author probably should have done some escaping before it got sent into the option, but it seems like wordpress should probably handle this as a last resort before it gets put into the database?

I happened upon this fix:

http://davidwalsh.name/php-serialize-unserialize-issues

although I havent tested it out yet. Does anybody have any advice on how to handle this?

The topic ‘maybe_serialize() allows corrupted data?’ is closed to new replies.

Tags

In: Plugins
0 replies
1 participant
Last reply from: Peter Butler
Last activity: 14 years, 9 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics