Timestamp:
01/08/2012 03:48:05 AM (10 years ago)
Author:
dd32
Message:

Use maybe_unserialize() in update and API checks. Tighten up the checks on expected return data to avoid processing invalid responses after the change. See #19617

File:
1 edited

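--- a/trunk/wp-includes/update.php
+++ b/trunk/wp-includes/update.php
@@ -92,8 +92,9 @@
 
     $body = trim( wp_remote_retrieve_body( $response ) );
-    if ( ! $body = maybe_unserialize( $body ) )
-        return false;
-    if ( ! isset( $body['offers'] ) )
-        return false;
+    $body = maybe_unserialize( $body );
+
+    if ( ! is_array( $body ) || ! isset( $body['offers'] ) )
+        return false;
+
     $offers = $body['offers'];
 
@@ -206,7 +207,7 @@
         return false;
 
-    $response = unserialize( wp_remote_retrieve_body( $raw_response ) );
-
-    if ( false !== $response )
+    $response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
+
+    if ( is_array( $response ) )
         $new_option->response = $response;
     else
@@ -320,6 +321,6 @@
     $new_update->checked = $checked;
 
-    $response = unserialize( wp_remote_retrieve_body( $raw_response ) );
-    if ( false !== $response )
+    $response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
+    if ( is_array( $response ) )
         $new_update->response = $response;
 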
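Review bot: In all three hunks the new `is_array()` guard runs only after `maybe_unserialize()` has already handed the HTTP response body to PHP's `unserialize()`, so any objects encoded in a tampered or spoofed response are instantiated before the type check can reject it. The guard tightens the shape check but does not address deserializing remote data; how the response is transported and authenticated is not visible in these hunks. Consider decoding a data-only format instead, e.g. `$response = json_decode( wp_remote_retrieve_body( $raw_response ), true );` if the API can serve JSON, or on PHP 7+ calling `unserialize()` with `allowed_classes` limited to the types the response is expected to hold. The enclosing functions start and end outside the visible hunks.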