#12302 closed defect (bug) (wontfix)
add_metadata() Fails to Store Serialized Values as BINARY
| Reported by: | miqrogroove | Owned by: | ryan |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 3.0 |
| Component: | Database | Keywords: | needs-patch close |
| Focuses: | | Cc: | |
Description
Symptoms:
WordPress stores corrupt values in post_metadata if there are any non-UTF-8 bytes in the meta_value.
Steps to reproduce:
Call add_metadata() with non-UTF-8 values such as a latin-1 copyright char.
Even though the serialized string goes through prepare() before the query, MySQL is required to truncate the invalid value being assigned to the meta_value field. The result is that the stored value can never be un-serialized.
This behavior can also be replicated by trying to inject CHAR(169) into any UTF-8 table query.
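The failure mode described above, and one way to guard against it before the value reaches the database, as an added example that is not part of the ticket or of WordPress core. The function names are hypothetical, the column truncation is simulated in PHP on the assumption that only the bytes before the first invalid UTF-8 sequence are kept, and the input is assumed to be ISO-8859-1 (PHP 7.4+ with mbstring).

```php
<?php
// Added example: hypothetical helpers, not WordPress core code.

/**
 * Simulates the storage behaviour the ticket describes (assumption: the
 * utf8 column keeps only the longest valid UTF-8 prefix of the value).
 */
function simulate_utf8_column_store(string $bytes): string {
    for ($len = strlen($bytes); $len > 0; $len--) {
        $prefix = substr($bytes, 0, $len);
        if (mb_check_encoding($prefix, 'UTF-8')) {
            return $prefix;
        }
    }
    return '';
}

/**
 * Recursively converts string values that are not valid UTF-8, treating
 * them as $assumed_source. Array keys are left untouched.
 */
function to_utf8_deep($value, string $assumed_source = 'ISO-8859-1') {
    if (is_array($value)) {
        return array_map(fn($v) => to_utf8_deep($v, $assumed_source), $value);
    }
    if (is_string($value) && !mb_check_encoding($value, 'UTF-8')) {
        return mb_convert_encoding($value, 'UTF-8', $assumed_source);
    }
    return $value;
}

// Constructed sample: a latin-1 copyright sign (byte 0xA9) inside a meta value.
$meta = array('notice' => "\xA9 2010 Example");

// Unguarded path: the serialized string is cut at the invalid byte, so the
// declared length in s:N:"..." no longer matches and unserialize() fails.
$stored = simulate_utf8_column_store(serialize($meta));
var_dump(@unserialize($stored));

// Guarded path: convert before serializing, so the length prefix is computed
// over the UTF-8 bytes that will actually be stored.
$stored = simulate_utf8_column_store(serialize(to_utf8_deep($meta)));
var_dump(unserialize($stored));
```

The conversion has to happen before `serialize()`, because the length prefix counts bytes and re-encoding an already serialized string would invalidate it.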
Change History (7)
#1
15 years ago
- Summary changed from add_metadata() Fails to Validate Inputs Before Serializing Them to add_metadata() Fails to Store Serialized Values as BINARY
#4
15 years ago
- Keywords needs-patch added
- Milestone changed from 3.0 to Future Release
Shifting to Future Release pending patch. Too close to release to be changing anything related to the schema anyway.
#5
11 years ago
- Keywords close added
- Priority changed from high to normal
- Severity changed from critical to normal
- Version set to 3.0
As the MySQL connection and encoding are defined through the global DB_COLLATE and DB_CHARSET definitions on installation, and I don't believe there's ever going to be the possibility that metadata values will ever be re-encoded to a new binary-safe encoding on upgrade, I just don't think this will ever be supported.
If you absolutely need to store non-UTF8 encoded strings or binary data, the best option I can think of is to do so in a custom table with your explicit schema, or somewhere other than in the DB. Otherwise it should be expected that your strings are encoded with whatever DB_CHARSET was in use on installation.
After giving this some thought, I've come to the conclusions: