Make WordPress Core

Opened 13 months ago

#59705 new defect (bug)

get_metadata_raw() will return false when unserialize() fails

Reported by: igorsch's profile igorsch Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.8
Component: Options, Meta APIs Keywords:
Focuses: Cc:

Description

The return value of get_metadata_raw() is documented as follows:

  • False for an invalid $object_id (non-numeric, zero, or negative value),
  • or if $meta_type is not specified.

Source: https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/meta.php#L596:L597

However, if your metadata contains serialized data that is incorrect for some reason, maybe_unserialize() will (also) return false.
Source: https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-includes/meta.php#L661

E.g. a:2:{s:3:"foo";b:1;} is invalid due to it expecting 2 entries, but only 1 is present.

History check; It seems to have been made a lot more precise (but missing this minor case):

Change History (0)

Note: See TracTickets for help on using tickets.