base64 cached objects and store within multi-line comment block to avoid CRLF injections into the cache. Props Peter Westwood.
git-svn-id: http://svn.automattic.com/wordpress/trunk@3798 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
d05a23cbc9
commit
e7618712cb
|
@ -47,8 +47,8 @@ function wp_cache_set($key, $data, $flag = '', $expire = 0) {
|
|||
return $wp_object_cache->set($key, $data, $flag, $expire);
|
||||
}
|
||||
|
||||
define('CACHE_SERIAL_HEADER', "<?php\n//");
|
||||
define('CACHE_SERIAL_FOOTER', "\n?".">");
|
||||
define('CACHE_SERIAL_HEADER', "<?php\n/*");
|
||||
define('CACHE_SERIAL_FOOTER', "*/\n?".">");
|
||||
|
||||
class WP_Object_Cache {
|
||||
var $cache_dir;
|
||||
|
@ -158,7 +158,7 @@ class WP_Object_Cache {
|
|||
return false;
|
||||
}
|
||||
|
||||
$this->cache[$group][$id] = unserialize(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER)));
|
||||
$this->cache[$group][$id] = unserialize(base64_decode(substr(@ file_get_contents($cache_file), strlen(CACHE_SERIAL_HEADER), -strlen(CACHE_SERIAL_FOOTER))));
|
||||
if (false === $this->cache[$group][$id])
|
||||
$this->cache[$group][$id] = '';
|
||||
|
||||
|
@ -332,7 +332,7 @@ class WP_Object_Cache {
|
|||
}
|
||||
|
||||
$temp_file = tempnam($group_dir, 'tmp');
|
||||
$serial = CACHE_SERIAL_HEADER.serialize($this->cache[$group][$id]).CACHE_SERIAL_FOOTER;
|
||||
$serial = CACHE_SERIAL_HEADER.base64_encode(serialize($this->cache[$group][$id])).CACHE_SERIAL_FOOTER;
|
||||
$fd = @fopen($temp_file, 'w');
|
||||
if ( false === $fd ) {
|
||||
$errors++;
|
||||
|
|
|
@ -3,6 +3,6 @@
|
|||
// This just holds the version number, in a separate file so we can bump it without cluttering the SVN
|
||||
|
||||
$wp_version = '2.1-alpha1';
|
||||
$wp_db_version = 3767;
|
||||
$wp_db_version = 3797;
|
||||
|
||||
?>
|
||||
?>
|
||||
|
|
Loading…
Reference in New Issue