Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #25311


Timestamp:
09/13/2013 03:00:24 PM (11 years ago)
Author:
scribu
  • Ticket #25311 – Description

    initial v1  
    11Returning PHP-serialized strings in api.wordpress.org is lame, for two reasons:
    22
    3 ### Security
     3== Security ==
    44
    55It has the potential to lead to security exploits via PHP object injection: http://vagosec.org/2013/09/wordpress-php-object-injection/
     
    77Considering that Core doesn't use HTTPS for most requests it makes to api.wordpress.org, this is even more plausible.
    88
    9 ### Portability
     9== Portability ==
    1010
    1111It's hard to unserialize these strings in other languages besides PHP. JSON is the obvious replacement.
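
Review bot: The Security section (description lines 5 to 7) names PHP object injection as the risk but does not say which Core requests to api.wordpress.org have their responses unserialized; listing those call sites in the description would let the change be scoped and checked. Line 7 treats the lack of HTTPS as a separate aggravating factor, so the description should also state whether the move to JSON proposed under Portability is meant to be paired with HTTPS for those requests or tracked separately.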