Prevent users from entering strings that will be interpreted as serialized arrays/objects on the way out. fixes #2591

git-svn-id: http://svn.automattic.com/wordpress/trunk@4382 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-10-12 23:54:36 +00:00
parent b77b63ebd7
commit 854cf56a7d
7 changed files with 89 additions and 39 deletions
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -156,10 +156,28 @@ function get_lastpostmodified($timezone = 'server') {
 }

 function maybe_unserialize($original) {
-	if ( false !== $gm = @ unserialize($original) )
-		return $gm;
-	else
-		return $original;
+	if ( is_serialized($original) ) // don't attempt to unserialize data that wasn't serialized going in
+		if ( false !== $gm = @ unserialize($original) )
+			return $gm;
+	return $original;
+}
+
+function is_serialized($data) {
+	if ( !is_string($data) ) // if it isn't a string, it isn't serialized
+		return false;
+	$data = trim($data);
+	if ( preg_match("/^[adobis]:[0-9]+:.*[;}]/si",$data) ) // this should fetch all legitimately serialized data
+		return true;
+	return false;
+}
+
+function is_serialized_string($data) {
+	if ( !is_string($data) ) // if it isn't a string, it isn't a serialized string
+		return false;
+	$data = trim($data);
+	if ( preg_match("/^s:[0-9]+:.*[;}]/si",$data) ) // this should fetch all serialized strings
+		return true;
+	return false;
 }

 /* Options functions */
@@ -239,8 +257,7 @@ function update_option($option_name, $newvalue) {
 	}

 	$_newvalue = $newvalue;
-	if ( is_array($newvalue) || is_object($newvalue) )
-		$newvalue = serialize($newvalue);
+	$newvalue = prepare_data($newvalue);

 	wp_cache_set($option_name, $newvalue, 'options');

@@ -262,8 +279,7 @@ function add_option($name, $value = '', $description = '', $autoload = 'yes') {
 	if ( false !== get_option($name) )
 		return;

-	if ( is_array($value) || is_object($value) )
-		$value = serialize($value);
+	$value = prepare_data($value);

 	wp_cache_set($name, $value, 'options');

@@ -285,6 +301,16 @@ function delete_option($name) {
 	return true;
 }

+function prepare_data($data) {
+	if ( is_string($data) )
+		$data = trim($data);
+	elseif ( is_array($data) || is_object($data) )
+		return serialize($data);
+	if ( is_serialized($data) )
+		return serialize($data);
+	return $data;
+}
+
 function gzip_compression() {
 	if ( !get_option('gzipcompression') ) return false;