Ticket #16504: 16504.patch

wp-includes/functions.php

@@ -228 +228 @@
  * @return mixed Unserialized data can be any type.
  */
 function maybe_unserialize( $original ) {
-        if ( is_serialized( $original ) ) // don't attempt to unserialize data that wasn't serialized going in
+        if ( is_serialized_maybe( $original ) ) // don't attempt to unserialize data that wasn't serialized going in
                 return @unserialize( $original );
         return $original;
 }
@@ -275 +275 @@
         return false;
 }
 
+
 /**
+ * Check if parameter is serialized of maybe serialized data.
+ * 
+ * Will always return true if $data was serialized by maybe_serialize:
+ *   $return = is_serialized_maybe( maybe_serialize( $data ) );
+ * And it will always return false if not.
+ * 
+ * @see maybe_serialize() 
+ *
+ * @since 3.x.x
+ *
+ * @param mixed $data Data that might would have been serialized.
+ * @return bool 
+ */
+function is_serialized_maybe( $data ) {
+        static $mapStart = array( 's'=>1, 'a'=>1, 'O'=>1 );
+        if ( ! is_string( $data ) )
+                return false;
+        $length = strlen( $data );
+        if ( $length < 4 )
+                return false;
+        $token = $data[0];
+        if ( !isset($mapStart[$token]) )
+                return false;           
+        if ( ':' !== $data[1] )
+                return false;
+        $lastc = $data[$length-1];
+        if ( ';' !== $lastc && '}' !== $lastc )
+                return false;
+        if ( 's' === $token )
+                return (bool) '"' !== $data[$length-2];
+        return (bool) preg_match( "/^{$token}:[0-9]+:/s", $data );
+}
+
+/**
  * Check whether serialized data is of string type.
  *
  * @since 2.0.5