Opened 12 years ago
Last modified 2 years ago
#21650 new defect (bug)
replace serialize() with print_r() in stats() function in wp-includes/cache.php
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 3.4.1 |
Component: | Cache API | Keywords: | has-patch needs-unit-tests |
Focuses: | Cc: |
Description
In PHP 5.3 it is no longer possible to serialize data that contains a SimpleXMLElement object. It produces a fatal error. See https://bugs.php.net/bug.php?id=49800
The stats() function attempts to determine the allocated space for objects in the cache by using strlen() of the serialized object.
This can fail for the reason above.
Given that the figure returned is simply an estimation of the space
I propose that the code is changed to use
print_r( $cache, true ) instead of serialize( $cache )
ie. to become
echo "<li><strong>Group:</strong> $group - ( " . number_format( strlen( print_r( $cache, true ) ) / 1024, 2 ) . 'k )</li>';
This TRAC was raised after a longish chain of events starting with #18488 and the final response (today) which led to another chance discovery of a similar problem in the debug-bar plugin.
Attachments (6)
Change History (25)
#1
@
12 years ago
- Severity changed from normal to minor
The way this estimation is presented is very misleading; it makes you think you're viewing the size of the cache in memory, rather than the lenght of it's serialization.
#5
@
12 years ago
How is a SimpleXMLElement object making its way into object cache? It should not be allowed in postmeta, options, etc., as those all serialize (even going into cache). I imagine it would only occur when you are using your own cache bucket?
Should we do a try/catch and fall back to print_r()? I'm fine with moving over to print_r() but it's probably even less of a decent representation of the approximate size in cache.
#6
follow-up:
↓ 7
@
12 years ago
A try/catch with fallback to print_r() seems sufficient to cover this edge case. serialize() does give us a better approximation.
#7
in reply to:
↑ 6
@
11 years ago
- Keywords needs-patch added; has-patch removed
- Milestone changed from 3.7 to Future Release
- Priority changed from normal to low
Replying to ryan:
A try/catch with fallback to print_r() seems sufficient to cover this edge case. serialize() does give us a better approximation.
Yeah, I agree. Happy to commit a patch that does this. Because this is merely a debugging situation, and it's a very particular issue, I'm pushing on this. Super edge.
#8
@
10 years ago
I was unable to duplicate the error, however I added a try/catch to try serialize and then print_r. Patch needs testing as I couldn't duplicate.
#9
@
10 years ago
In 21650-try-catch.diff, looks like serialize()
should be replaced with print_r()
in line 645.
#11
@
10 years ago
One more thing, it should be print_r( $cache, true )
(to return the value instead of printing it directly).
#13
@
10 years ago
14157-ms-php.fixed.diff includes some unrelated changes, but looks good otherwise.
#16
@
9 years ago
- Keywords 4.1-early removed
- Priority changed from low to normal
- Severity changed from minor to normal
#17
@
3 years ago
- Milestone set to 6.1
Came across this ticket going through tickets missing a milestone.
This doesn't seem to have come up again recently, but it probably wouldn't hurt to protect against custom cache groups where built-in PHP objects are potentially cached.
21650.diff is a refreshed patch for a sanity check.
#18
@
3 years ago
- Keywords needs-unit-tests added
This seems like a good improvement, but it's one that I think requires some automated tests before it is ready for commit
#19
@
2 years ago
- Milestone changed from 6.1 to Future Release
With WP 6.1 RC 1 scheduled tomorrow (Oct 10, 2022), there is not much time left to address this ticket. Given it still needs unit tests, let's move this ticket to Future Release
.
Ps: if you were about to send a patch and if you feel it is realistic to commit it in the next few hours, please feel free to move this ticket back to milestone 6.1.
Replace serialize() with print_r() to avoid Fatal error (WP 3.5)