Changeset 4384 for branches/2.0/wp-includes/functions.php

Timestamp:

10/13/2006 12:24:51 AM (19 years ago)

Author:

markjaquith

Message:

Prevent users from entering strings that will be interpreted as serialized arrays/objects on the way out. fixes #2591

File:

• branches/2.0/wp-includes/functions.php (modified) (6 diffs)

branches/2.0/wp-includes/functions.php

@@ -263 +263 @@
 
 function maybe_unserialize($original) {
-    if ( false !== $gm = @ unserialize($original) )
-        return $gm;
-    else
-        return $original;
+    if ( is_serialized($original) ) // don't attempt to unserialize data that wasn't serialized going in
+        if ( false !== $gm = @ unserialize($original) )
+            return $gm;
+    return $original;
+}
+
+function maybe_serialize($data) {
+    if ( is_string($data) )
+        $data = trim($data);
+    elseif ( is_array($data) || is_object($data) )
+        return serialize($data);
+    if ( is_serialized($data) )
+        return serialize($data);
+    return $data;
+}
+
+function is_serialized($data) {
+    if ( !is_string($data) ) // if it isn't a string, it isn't serialized
+        return false;
+    $data = trim($data);
+    if ( preg_match("/^[adobis]:[0-9]+:.*[;}]/si",$data) ) // this should fetch all legitimately serialized data
+        return true;
+    return false;
+}
+
+function is_serialized_string($data) {
+    if ( !is_string($data) ) // if it isn't a string, it isn't a serialized string
+        return false;
+    $data = trim($data);
+    if ( preg_match("/^s:[0-9]+:.*[;}]/si",$data) ) // this should fetch all serialized strings
+        return true;
+    return false;
 }
 
@@ -366 +394 @@
 
     $_newvalue = $newvalue;
-    if ( is_array($newvalue) || is_object($newvalue) )
-        $newvalue = serialize($newvalue);
+    $newvalue = maybe_serialize($newvalue);
 
     wp_cache_set($option_name, $newvalue, 'options');
@@ -396 +423 @@
         return;
 
-    if ( is_array($value) || is_object($value) )
-        $value = serialize($value);
+    $value = maybe_serialize($value);
 
     wp_cache_set($name, $value, 'options');
@@ -430 +456 @@
     }
 
-    $original = $value;
-    if ( is_array($value) || is_object($value) )
-        $value = $wpdb->escape(serialize($value));
+    $post_meta_cache[$post_id][$key][] = $value;
+
+    $value = maybe_serialize($value);
+    $value = $wpdb->escape($value);
 
     $wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')");
-
-    $post_meta_cache[$post_id][$key][] = $original;
 
     return true;
@@ -512 +537 @@
 
     $original_value = $value;
-    if ( is_array($value) || is_object($value) )
-        $value = $wpdb->escape(serialize($value));
+    $value = maybe_serialize($value);
+    $value = $wpdb->escape($value);
 
     $original_prev = $prev_value;
-    if ( is_array($prev_value) || is_object($prev_value) )
-        $prev_value = $wpdb->escape(serialize($prev_value));
+    $prev_value = maybe_serialize($prev_value);
+    $prev_value = $wpdb->escape($prev_value);
 
     if (! $wpdb->get_var("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = '$post_id'") ) {
@@ -2253 +2278 @@
     $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
 
-    if ( is_array($meta_value) || is_object($meta_value) )
-        $meta_value = serialize($meta_value);
-    $meta_value = trim( $meta_value );
+    // FIXME: usermeta data is assumed to be already escaped
+    $meta_value = stripslashes($meta_value);
+    $meta_value = maybe_serialize($meta_value);
+    $meta_value = $wpdb->escape($meta_value);
     
     if (empty($meta_value)) {