Make WordPress Core

Opened 11 years ago

Last modified 14 months ago

#21650 new defect (bug)

replace serialize() with print_r() in stats() function in wp-includes/cache.php

Reported by: bobbingwide's profile bobbingwide Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 3.4.1
Component: Cache API Keywords: has-patch needs-unit-tests
Focuses: Cc:


In PHP 5.3 it is no longer possible to serialize data that contains a SimpleXMLElement object. It produces a fatal error. See

The stats() function attempts to determine the allocated space for objects in the cache by using strlen() of the serialized object.

This can fail for the reason above.

Given that the figure returned is simply an estimation of the space
I propose that the code is changed to use
print_r( $cache, true ) instead of serialize( $cache )

ie. to become
echo "<li><strong>Group:</strong> $group - ( " . number_format( strlen( print_r( $cache, true ) ) / 1024, 2 ) . 'k )</li>';

This TRAC was raised after a longish chain of events starting with #18488 and the final response (today) which led to another chance discovery of a similar problem in the debug-bar plugin.

Attachments (6)

cache.php.21650.diff (564 bytes) - added by bobbingwide 11 years ago.
Replace serialize() with print_r() to avoid Fatal error (WP 3.5)
21650-try-catch.diff (692 bytes) - added by voldemortensen 9 years ago.
21650-try-catch-for-real.diff (690 bytes) - added by voldemortensen 9 years ago.
14157-ms-php.fixed.diff (1.5 KB) - added by voldemortensen 9 years ago.
21650-try-catch.fixed.diff (696 bytes) - added by voldemortensen 9 years ago.
21650.diff (889 bytes) - added by desrosj 17 months ago.

Download all attachments as: .zip

Change History (25)

11 years ago

Replace serialize() with print_r() to avoid Fatal error (WP 3.5)

#1 @scribu
11 years ago

  • Severity changed from normal to minor

The way this estimation is presented is very misleading; it makes you think you're viewing the size of the cache in memory, rather than the lenght of it's serialization.

#2 @scribu
11 years ago

Other than that, switching to print_r() seems sane.

#3 @wonderboymusic
11 years ago

  • Keywords has-patch added

#4 @wonderboymusic
10 years ago

  • Milestone changed from Awaiting Review to 3.7

#5 @nacin
10 years ago

How is a SimpleXMLElement object making its way into object cache? It should not be allowed in postmeta, options, etc., as those all serialize (even going into cache). I imagine it would only occur when you are using your own cache bucket?

Should we do a try/catch and fall back to print_r()? I'm fine with moving over to print_r() but it's probably even less of a decent representation of the approximate size in cache.

#6 follow-up: @ryan
10 years ago

A try/catch with fallback to print_r() seems sufficient to cover this edge case. serialize() does give us a better approximation.

#7 in reply to: ↑ 6 @nacin
10 years ago

  • Keywords needs-patch added; has-patch removed
  • Milestone changed from 3.7 to Future Release
  • Priority changed from normal to low

Replying to ryan:

A try/catch with fallback to print_r() seems sufficient to cover this edge case. serialize() does give us a better approximation.

Yeah, I agree. Happy to commit a patch that does this. Because this is merely a debugging situation, and it's a very particular issue, I'm pushing on this. Super edge.

#8 @voldemortensen
9 years ago

I was unable to duplicate the error, however I added a try/catch to try serialize and then print_r. Patch needs testing as I couldn't duplicate.

#9 @SergeyBiryukov
9 years ago

In 21650-try-catch.diff, looks like serialize() should be replaced with print_r() in line 645.

#10 @voldemortensen
9 years ago

Thanks SergeyBiryukov. updated.

#11 @SergeyBiryukov
9 years ago

One more thing, it should be print_r( $cache, true ) (to return the value instead of printing it directly).

#12 @voldemortensen
9 years ago

/sigh That should be it. My mind must be on the weekend or something.

#13 @SergeyBiryukov
9 years ago

14157-ms-php.fixed.diff includes some unrelated changes, but looks good otherwise.

#14 @voldemortensen
9 years ago

Last try before I quit for the weekend.

#15 @SergeyBiryukov
9 years ago

  • Keywords has-patch 4.1-early added; needs-patch removed

#16 @chriscct7
8 years ago

  • Keywords 4.1-early removed
  • Priority changed from low to normal
  • Severity changed from minor to normal

17 months ago

#17 @desrosj
17 months ago

  • Milestone set to 6.1

Came across this ticket going through tickets missing a milestone.

This doesn't seem to have come up again recently, but it probably wouldn't hurt to protect against custom cache groups where built-in PHP objects are potentially cached.

21650.diff is a refreshed patch for a sanity check.

#18 @jorbin
17 months ago

  • Keywords needs-unit-tests added

This seems like a good improvement, but it's one that I think requires some automated tests before it is ready for commit

#19 @audrasjb
14 months ago

  • Milestone changed from 6.1 to Future Release

With WP 6.1 RC 1 scheduled tomorrow (Oct 10, 2022), there is not much time left to address this ticket. Given it still needs unit tests, let's move this ticket to Future Release.

Ps: if you were about to send a patch and if you feel it is realistic to commit it in the next few hours, please feel free to move this ticket back to milestone 6.1.

Note: See TracTickets for help on using tickets.