Make WordPress Core

Opened 4 years ago

Closed 2 years ago

Last modified 2 years ago

#17445 closed defect (bug) (invalid)

Give a speed kick to combined is_serialized() + is_serialized_string() + maybe_unserialize() usage

Reported by: hakre Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.2
Component: General Keywords:
Focuses: Cc:


In #17129 is_serialized_string() has been speed up by 23%. That was for the function itself.

However, that function is used in contexts that make the call to is_serialized() directly or indirectly via maybe_unserialize().

Most often these calls are redundant and must not be done at all.

If preconditions are already met, is_serialized_string() can be replaced with a simple check for the 's' or 'S' format and maybe_unserialize() can be replaced with @unserialize($data) as that's the code executed in maybe_unserialize() when is_serialze() had returned true on $data;

Attachments (1)

17445.patch (3.7 KB) - added by hakre 4 years ago.

Download all attachments as: .zip

Change History (5)

@hakre4 years ago

comment:1 @hakre4 years ago

Added a patch. Technically it would allow to deprecate is_serialized_string() as it is not needed any longer by core.

Next to that I suggest to remove the trim() from is_serialized() as maybe_serialize() does not unserialize on trimmed but on untrimmed data. Technically it does fail on untrimmed data which has been reported as being serialized by is_serialize().

Version 0, edited 4 years ago by hakre (next)

comment:2 @scribu4 years ago

@unserialize() is not an acceptable solution.

comment:3 @c3mdigital2 years ago

  • Resolution set to invalid
  • Status changed from new to closed

See comment in #16504 regarding security implications.

comment:4 @SergeyBiryukov2 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.