WP should catch serialization errors in options and meta fields
Reported by: Denis-de-Bernardy
On some servers, with some configs, you occasionally get serialized data with an erroneous strlen(). It's clearly PHP-related, but it does break sites.
The bug has to do with the fact that the string length function that is internally used by serialize() doesn't like UTF-8 much. You get erroneous string length values -- even when strlen() returns the correct value, and even when you overload the strlen() function. This makes it borderline impossible to reproduce on an English site, but it definitely occurs out in the wild.
Anyway, the end result is a corrupt array that is then passed into WP as a string. On occasion, this leads to fatal errors. (see the above two bugs.)
I've mostly seen this happen with text widgets or equivalent; more rarely with post meta fields and the like. It seems to me that this could be corrected by returning a straight false when unserialization fails, as is done in the attached patch.
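The failure mode described in this ticket, as an added example that is not the attached patch or WordPress code: a constructed widget array whose `s:N:"..."` length prefix no longer matches the byte length of a UTF-8 string, a wrapper that returns an explicit failure instead of passing the raw string on, and a heuristic scan that locates the mismatched token. The names `try_unserialize` and `find_bad_string_lengths` are hypothetical.

```php
<?php
// Added example; save as UTF-8. Function names are hypothetical.

// Returns [bool $ok, mixed $value] so callers can tell failure from a stored false.
function try_unserialize(string $raw): array
{
    if ($raw === 'b:0;') {            // the one valid payload that decodes to false
        return [true, false];
    }
    // allowed_classes => false: never instantiate objects from stored data.
    $value = @unserialize($raw, ['allowed_classes' => false]);
    return [$value !== false, $value];
}

// Heuristic: report s:N:"..." tokens where N bytes are not followed by '";'.
function find_bad_string_lengths(string $raw): array
{
    $bad = [];
    preg_match_all('/s:(\d+):"/', $raw, $m, PREG_OFFSET_CAPTURE);
    foreach ($m[0] as $i => [$token, $offset]) {
        $declared = (int) $m[1][$i][0];
        $start = $offset + strlen($token);
        if (substr($raw, $start + $declared, 2) !== '";') {
            $bad[] = ['offset' => $offset, 'declared' => $declared];
        }
    }
    return $bad;
}

// Constructed sample: a text-widget-like array with non-ASCII content.
$good = serialize(['title' => 'Café', 'text' => 'Déjà vu']);
// Simulate the corruption: the prefix holds the character count (4),
// not the byte count (5), for the UTF-8 string "Café".
$corrupt = str_replace('s:5:"Café"', 's:4:"Café"', $good);

foreach (['good' => $good, 'corrupt' => $corrupt] as $label => $raw) {
    [$ok, $value] = try_unserialize($raw);
    printf("%s: ok=%s bad_tokens=%d\n", $label, var_export($ok, true),
        count(find_bad_string_lengths($raw)));
    if (!$ok) {
        // Treat as "no usable value" rather than handing a string to code
        // that expects an array.
        $value = false;
    }
}
```

The scan is byte-based on purpose, because the serialized format counts bytes; it can misreport if string content itself contains text that looks like an `s:N:"` token.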
Change History (12)
- Resolution fixed deleted
- Severity changed from normal to critical
- Status changed from closed to reopened
- Resolution set to fixed
- Status changed from reopened to closed