Loose validation for is_serialized() in maybe_serialize().
Built from https://develop.svn.wordpress.org/trunk@25320 git-svn-id: http://core.svn.wordpress.org/trunk@25282 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
3e41af8489
commit
a461a25d76
|
@ -242,9 +242,10 @@ function maybe_unserialize( $original ) {
|
||||||
* @since 2.0.5
|
* @since 2.0.5
|
||||||
*
|
*
|
||||||
* @param mixed $data Value to check to see if was serialized.
|
* @param mixed $data Value to check to see if was serialized.
|
||||||
|
* @param bool $strict Optional. Whether to be strict about the end of the string. Defaults true.
|
||||||
* @return bool False if not serialized and true if it was.
|
* @return bool False if not serialized and true if it was.
|
||||||
*/
|
*/
|
||||||
function is_serialized( $data ) {
|
function is_serialized( $data, $strict = true ) {
|
||||||
// if it isn't a string, it isn't serialized
|
// if it isn't a string, it isn't serialized
|
||||||
if ( ! is_string( $data ) )
|
if ( ! is_string( $data ) )
|
||||||
return false;
|
return false;
|
||||||
|
@ -256,21 +257,32 @@ function is_serialized( $data ) {
|
||||||
return false;
|
return false;
|
||||||
if ( ':' !== $data[1] )
|
if ( ':' !== $data[1] )
|
||||||
return false;
|
return false;
|
||||||
|
if ( $strict ) {
|
||||||
$lastc = $data[ $length - 1 ];
|
$lastc = $data[ $length - 1 ];
|
||||||
if ( ';' !== $lastc && '}' !== $lastc )
|
if ( ';' !== $lastc && '}' !== $lastc )
|
||||||
return false;
|
return false;
|
||||||
|
} else {
|
||||||
|
// ensures ; or } exists but is not in the first X chars
|
||||||
|
if ( strpos( $data, ';' ) < 3 && strpos( $data, '}' ) < 4 )
|
||||||
|
return false;
|
||||||
|
}
|
||||||
$token = $data[0];
|
$token = $data[0];
|
||||||
switch ( $token ) {
|
switch ( $token ) {
|
||||||
case 's' :
|
case 's' :
|
||||||
|
if ( $strict ) {
|
||||||
if ( '"' !== $data[ $length - 2 ] )
|
if ( '"' !== $data[ $length - 2 ] )
|
||||||
return false;
|
return false;
|
||||||
|
} elseif ( false === strpos( $data, '"' ) ) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
case 'a' :
|
case 'a' :
|
||||||
case 'O' :
|
case 'O' :
|
||||||
return (bool) preg_match( "/^{$token}:[0-9]+:/s", $data );
|
return (bool) preg_match( "/^{$token}:[0-9]+:/s", $data );
|
||||||
case 'b' :
|
case 'b' :
|
||||||
case 'i' :
|
case 'i' :
|
||||||
case 'd' :
|
case 'd' :
|
||||||
return (bool) preg_match( "/^{$token}:[0-9.E-]+;\$/", $data );
|
$end = $strict ? '$' : '';
|
||||||
|
return (bool) preg_match( "/^{$token}:[0-9.E-]+;$end/", $data );
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -317,7 +329,7 @@ function maybe_serialize( $data ) {
|
||||||
|
|
||||||
// Double serialization is required for backward compatibility.
|
// Double serialization is required for backward compatibility.
|
||||||
// See http://core.trac.wordpress.org/ticket/12930
|
// See http://core.trac.wordpress.org/ticket/12930
|
||||||
if ( is_serialized( $data ) )
|
if ( is_serialized( $data, false ) )
|
||||||
return serialize( $data );
|
return serialize( $data );
|
||||||
|
|
||||||
return $data;
|
return $data;
|
||||||
|
|
Loading…
Reference in New Issue