WordPress.org

Make WordPress Core

Opened 7 years ago

Last modified 6 months ago

#21650 new defect (bug)

replace serialize() with print_r() in stats() function in wp-includes/cache.php

Reported by: bobbingwide Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.4.1
Component: Cache API Keywords: has-patch
Focuses: Cc:
PR Number:

Description

In PHP 5.3 it is no longer possible to serialize data that contains a SimpleXMLElement object. It produces a fatal error. See https://bugs.php.net/bug.php?id=49800

The stats() function attempts to determine the allocated space for objects in the cache by using strlen() of the serialized object.

This can fail for the reason above.

Given that the figure returned is simply an estimation of the space
I propose that the code is changed to use
print_r( $cache, true ) instead of serialize( $cache )

ie. to become
echo "<li><strong>Group:</strong> $group - ( " . number_format( strlen( print_r( $cache, true ) ) / 1024, 2 ) . 'k )</li>';

This TRAC was raised after a longish chain of events starting with #18488 and the final response (today) which led to another chance discovery of a similar problem in the debug-bar plugin.

http://wordpress.org/support/topic/plugin-debug-bar-fatal-error-uncaught-exception-serialization-of-simplexmlelement-is-not-allowed

Attachments (5)

cache.php.21650.diff (564 bytes) - added by bobbingwide 7 years ago.
Replace serialize() with print_r() to avoid Fatal error (WP 3.5)
21650-try-catch.diff (692 bytes) - added by voldemortensen 5 years ago.
21650-try-catch-for-real.diff (690 bytes) - added by voldemortensen 5 years ago.
14157-ms-php.fixed.diff (1.5 KB) - added by voldemortensen 5 years ago.
21650-try-catch.fixed.diff (696 bytes) - added by voldemortensen 5 years ago.

Download all attachments as: .zip

Change History (21)

@bobbingwide
7 years ago

Replace serialize() with print_r() to avoid Fatal error (WP 3.5)

#1 @scribu
7 years ago

  • Severity changed from normal to minor

The way this estimation is presented is very misleading; it makes you think you're viewing the size of the cache in memory, rather than the lenght of it's serialization.

#2 @scribu
7 years ago

Other than that, switching to print_r() seems sane.

#3 @wonderboymusic
7 years ago

  • Keywords has-patch added

#4 @wonderboymusic
6 years ago

  • Milestone changed from Awaiting Review to 3.7

#5 @nacin
6 years ago

How is a SimpleXMLElement object making its way into object cache? It should not be allowed in postmeta, options, etc., as those all serialize (even going into cache). I imagine it would only occur when you are using your own cache bucket?

Should we do a try/catch and fall back to print_r()? I'm fine with moving over to print_r() but it's probably even less of a decent representation of the approximate size in cache.

#6 follow-up: @ryan
6 years ago

A try/catch with fallback to print_r() seems sufficient to cover this edge case. serialize() does give us a better approximation.

#7 in reply to: ↑ 6 @nacin
6 years ago

  • Keywords needs-patch added; has-patch removed
  • Milestone changed from 3.7 to Future Release
  • Priority changed from normal to low

Replying to ryan:

A try/catch with fallback to print_r() seems sufficient to cover this edge case. serialize() does give us a better approximation.

Yeah, I agree. Happy to commit a patch that does this. Because this is merely a debugging situation, and it's a very particular issue, I'm pushing on this. Super edge.

#8 @voldemortensen
5 years ago

I was unable to duplicate the error, however I added a try/catch to try serialize and then print_r. Patch needs testing as I couldn't duplicate.

#9 @SergeyBiryukov
5 years ago

In 21650-try-catch.diff, looks like serialize() should be replaced with print_r() in line 645.

#10 @voldemortensen
5 years ago

Thanks SergeyBiryukov. updated.

#11 @SergeyBiryukov
5 years ago

One more thing, it should be print_r( $cache, true ) (to return the value instead of printing it directly).

#12 @voldemortensen
5 years ago

/sigh That should be it. My mind must be on the weekend or something.

#13 @SergeyBiryukov
5 years ago

14157-ms-php.fixed.diff includes some unrelated changes, but looks good otherwise.

#14 @voldemortensen
5 years ago

Last try before I quit for the weekend.

#15 @SergeyBiryukov
5 years ago

  • Keywords has-patch 4.1-early added; needs-patch removed

#16 @chriscct7
4 years ago

  • Keywords 4.1-early removed
  • Priority changed from low to normal
  • Severity changed from minor to normal
Note: See TracTickets for help on using tickets.