Opened 9 years ago
Closed 5 years ago
#36416 closed enhancement (fixed)
maybe_unserialize returns false if non trimmed string is passed but is_serialized returns true
Reported by: | pbearne | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 5.5 | Priority: | normal |
Severity: | normal | Version: | 2.0 |
Component: | General | Keywords: | has-patch has-unit-tests 2nd-opinion |
Focuses: | Cc: |
Description
In maybe_unserialize we use is_serialized to protect the call to unserialize but is_serialized trim's the string so fails to protect unserialize call
Added a trim and updated code formatting to fix
Attachments (2)
Change History (10)
This ticket was mentioned in Slack in #core by noisysocks. View the logs.
5 years ago
#4
@
5 years ago
- Keywords 2nd-opinion added; dev-feedback removed
We chatted about this ticket in [today's Triage](https://wordpress.slack.com/archives/C02RQBWTW/p1583989966303400).
I went ahead and refreshed the current patch in 36416.diff.
Swapping dev-feedback
to second-opinion
per discussion so this can get attention + review.
Note: See
TracTickets for help on using
tickets.
patch with unit tests