Make WordPress Core


Ignore:
Timestamp:
01/08/2012 03:48:05 AM (13 years ago)
Author:
dd32
Message:

use maybe_unserialize() in update and API checks, Tighten up the checks on expected return data to avoid processing invalid responses after change. See #19617

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/theme.php

    r19684 r19707  
    410410            $res = new WP_Error('themes_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
    411411        } else {
    412             $res = unserialize( wp_remote_retrieve_body( $request ) );
    413             if ( ! $res )
    414             $res = new WP_Error('themes_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
    415         }
    416     }
    417     //var_dump(array($args, $res));
     412            $res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
     413            if ( ! is_object( $res ) && ! is_array( $res ) )
     414                $res = new WP_Error('themes_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
     415        }
     416    }
     417
    418418    return apply_filters('themes_api_result', $res, $action, $args);
    419419}
Note: See TracChangeset for help on using the changeset viewer.