Support » Plugins » maybe_serialize() allows corrupted data?

  • I ran into an issue recently where a plugin which stored all of its values in a serialized array in a single option blew up on me, which nearly caused the loss of lots of precious info. It looks like someone managed to get a single quote into a field stored by this plugin (it stores various user info), and the whole thing went down in flames.

    I recognize that the plugin author probably should have done some escaping before it got sent into the option, but it seems like wordpress should probably handle this as a last resort before it gets put into the database?

    I happened upon this fix:

    PHP Serialize() & Unserialize() Issues

    although I havent tested it out yet. Does anybody have any advice on how to handle this?

  • The topic ‘maybe_serialize() allows corrupted data?’ is closed to new replies.