Changes between Initial Version and Version 1 of Ticket #25311
- Timestamp:
- 09/13/2013 03:00:24 PM (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #25311 – Description
initial v1 1 1 Returning PHP-serialized strings in api.wordpress.org is lame, for two reasons: 2 2 3 ### Security 3 == Security == 4 4 5 5 It has the potential to lead to security exploits via PHP object injection: http://vagosec.org/2013/09/wordpress-php-object-injection/ … … 7 7 Considering that Core doesn't use HTTPS for most requests it makes to api.wordpress.org, this is even more plausible. 8 8 9 ### Portability 9 == Portability == 10 10 11 11 It's hard to unserialize these strings in other languages besides PHP. JSON is the obvious replacement.