Timestamp:
10/13/2006 12:24:51 AM (15 years ago)
Author:
markjaquith
Message:

Prevent users from entering strings that will be interpreted as serialized arrays/objects on the way out. fixes #2591

File:
1 edited

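--- a/branches/2.0/wp-includes/functions.php
+++ b/branches/2.0/wp-includes/functions.php
@@ -263,8 +263,36 @@
 
 function maybe_unserialize($original) {
-    if ( false !== $gm = @ unserialize($original) )
-        return $gm;
-    else
-        return $original;
+    if ( is_serialized($original) ) // don't attempt to unserialize data that wasn't serialized going in
+        if ( false !== $gm = @ unserialize($original) )
+            return $gm;
+    return $original;
+}
+
+function maybe_serialize($data) {
+    if ( is_string($data) )
+        $data = trim($data);
+    elseif ( is_array($data) || is_object($data) )
+        return serialize($data);
+    if ( is_serialized($data) )
+        return serialize($data);
+    return $data;
+}
+
+function is_serialized($data) {
+    if ( !is_string($data) ) // if it isn't a string, it isn't serialized
+        return false;
+    $data = trim($data);
+    if ( preg_match("/^[adobis]:[0-9]+:.*[;}]/si",$data) ) // this should fetch all legitimately serialized data
+        return true;
+    return false;
+}
+
+function is_serialized_string($data) {
+    if ( !is_string($data) ) // if it isn't a string, it isn't a serialized string
+        return false;
+    $data = trim($data);
+    if ( preg_match("/^s:[0-9]+:.*[;}]/si",$data) ) // this should fetch all serialized strings
+        return true;
+    return false;
 }
 
@@ -366,6 +394,5 @@
 
     $_newvalue = $newvalue;
-    if ( is_array($newvalue) || is_object($newvalue) )
-        $newvalue = serialize($newvalue);
+    $newvalue = maybe_serialize($newvalue);
 
     wp_cache_set($option_name, $newvalue, 'options');
@@ -396,6 +423,5 @@
         return;
 
-    if ( is_array($value) || is_object($value) )
-        $value = serialize($value);
+    $value = maybe_serialize($value);
 
     wp_cache_set($name, $value, 'options');
@@ -430,11 +456,10 @@
     }
 
-    $original = $value;
-    if ( is_array($value) || is_object($value) )
-        $value = $wpdb->escape(serialize($value));
+    $post_meta_cache[$post_id][$key][] = $value;
+
+    $value = maybe_serialize($value);
+    $value = $wpdb->escape($value);
 
     $wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')");
-
-    $post_meta_cache[$post_id][$key][] = $original;
 
     return true;
@@ -512,10 +537,10 @@
 
     $original_value = $value;
-    if ( is_array($value) || is_object($value) )
-        $value = $wpdb->escape(serialize($value));
+    $value = maybe_serialize($value);
+    $value = $wpdb->escape($value);
 
     $original_prev = $prev_value;
-    if ( is_array($prev_value) || is_object($prev_value) )
-        $prev_value = $wpdb->escape(serialize($prev_value));
+    $prev_value = maybe_serialize($prev_value);
+    $prev_value = $wpdb->escape($prev_value);
 
     if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {
@@ -2253,7 +2278,8 @@
     $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
 
-    if ( is_array($meta_value) || is_object($meta_value) )
-        $meta_value = serialize($meta_value);
-    $meta_value = trim( $meta_value );
+    // FIXME: usermeta data is assumed to be already escaped
+    $meta_value = stripslashes($meta_value);
+    $meta_value = maybe_serialize($meta_value);
+    $meta_value = $wpdb->escape($meta_value);
    
     if (empty($meta_value)) {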
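Review bot: In the usermeta hunk (new line 2281) `stripslashes($meta_value)` runs before `maybe_serialize()`, so an array or object value is handed to a string function and is not preserved by the time it would be serialized; the removed lines serialized arrays and objects first. Guarding the call keeps structured values intact: `if ( is_string($meta_value) ) $meta_value = stripslashes($meta_value);`. Separately, the pattern in `is_serialized()` (new line 285) requires a second colon after the digits, so serialized scalars such as `i:5;` or `b:1;` (constructed examples) never match and `maybe_unserialize()` now returns them as raw strings; if that is intended, a comment on the function should say so. The post-meta hunks now pass every value through `$wpdb->escape()`, where the removed lines escaped only arrays and objects, so it is worth confirming that callers do not already pass slashed strings, which the usermeta FIXME suggests may happen elsewhere. The function enclosing the usermeta hunk starts and ends outside the visible lines.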