From bba24b09ca357ad0a3d87d88afcf7375798c7a8b Mon Sep 17 00:00:00 2001 From: Andrew Nacin Date: Mon, 17 Mar 2014 20:09:17 +0000 Subject: [PATCH] In is_serialized(), use substr() rather than array access, for compatibility with multibyte overloading. props SergeyBiryukov. fixes #18007. Built from https://develop.svn.wordpress.org/trunk@27565 git-svn-id: http://core.svn.wordpress.org/trunk@27408 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/functions.php | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/wp-includes/functions.php b/wp-includes/functions.php index 6fa978c099..5f4e76367d 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -251,20 +251,24 @@ function maybe_unserialize( $original ) { */ function is_serialized( $data, $strict = true ) { // if it isn't a string, it isn't serialized - if ( ! is_string( $data ) ) + if ( ! is_string( $data ) ) { return false; + } $data = trim( $data ); - if ( 'N;' == $data ) + if ( 'N;' == $data ) { return true; - $length = strlen( $data ); - if ( $length < 4 ) + } + if ( strlen( $data ) < 4 ) { return false; - if ( ':' !== $data[1] ) + } + if ( ':' !== $data[1] ) { return false; + } if ( $strict ) { - $lastc = $data[ $length - 1 ]; - if ( ';' !== $lastc && '}' !== $lastc ) + $lastc = substr( $data, -1 ); + if ( ';' !== $lastc && '}' !== $lastc ) { return false; + } } else { $semicolon = strpos( $data, ';' ); $brace = strpos( $data, '}' ); @@ -281,8 +285,9 @@ function is_serialized( $data, $strict = true ) { switch ( $token ) { case 's' : if ( $strict ) { - if ( '"' !== $data[ $length - 2 ] ) + if ( '"' !== substr( $data, -2, 1 ) ) { return false; + } } elseif ( false === strpos( $data, '"' ) ) { return false; } @@ -309,22 +314,23 @@ function is_serialized( $data, $strict = true ) { */ function is_serialized_string( $data ) { // if it isn't a string, it isn't a serialized string - if ( !is_string( $data ) ) + if ( ! is_string( $data ) ) { return false; + } $data = trim( $data ); - $length = strlen( $data ); - if ( $length < 4 ) + if ( strlen( $data ) < 4 ) { return false; - elseif ( ':' !== $data[1] ) + } elseif ( ':' !== $data[1] ) { return false; - elseif ( ';' !== $data[$length-1] ) + } elseif ( ';' !== substr( $data, -1 ) ) { return false; - elseif ( $data[0] !== 's' ) + } elseif ( $data[0] !== 's' ) { return false; - elseif ( '"' !== $data[$length-2] ) + } elseif ( '"' !== substr( $data, -2, 1 ) ) { return false; - else + } else { return true; + } } /**