maybe_serialize() allows corrupted data? (1 post)

  1. Peter Butler
    Posted 7 years ago #

    I ran into an issue recently where a plugin which stored all of its values in a serialized array in a single option blew up on me, which nearly caused the loss of lots of precious info. It looks like someone managed to get a single quote into a field stored by this plugin (it stores various user info), and the whole thing went down in flames.

    I recognize that the plugin author probably should have done some escaping before it got sent into the option, but it seems like WordPress should probably handle this as a last resort before it gets put into the database?

    I happened upon this fix:


    although I haven't tested it out yet. Does anybody have any advice on how to handle this?
