From b6195eb82a94fad207250c3c7ecac979f54d77d3 Mon Sep 17 00:00:00 2001
From: Andrew Nacin <nacin@git.wordpress.org>
Date: Mon, 17 Mar 2014 20:08:25 +0000
Subject: [PATCH] In is_serialized(), use substr() rather than array access,
 for compatibility with multibyte overloading.

props SergeyBiryukov.
fixes #18007.


git-svn-id: https://develop.svn.wordpress.org/trunk@27565 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/functions.php | 38 ++++++++++++++++++++---------------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index 6fa978c099..5f4e76367d 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -251,20 +251,24 @@ function maybe_unserialize( $original ) {
  */
 function is_serialized( $data, $strict = true ) {
 	// if it isn't a string, it isn't serialized
-	if ( ! is_string( $data ) )
+	if ( ! is_string( $data ) ) {
 		return false;
+	}
 	$data = trim( $data );
- 	if ( 'N;' == $data )
+ 	if ( 'N;' == $data ) {
 		return true;
-	$length = strlen( $data );
-	if ( $length < 4 )
+	}
+	if ( strlen( $data ) < 4 ) {
 		return false;
-	if ( ':' !== $data[1] )
+	}
+	if ( ':' !== $data[1] ) {
 		return false;
+	}
 	if ( $strict ) {
-		$lastc = $data[ $length - 1 ];
-		if ( ';' !== $lastc && '}' !== $lastc )
+		$lastc = substr( $data, -1 );
+		if ( ';' !== $lastc && '}' !== $lastc ) {
 			return false;
+		}
 	} else {
 		$semicolon = strpos( $data, ';' );
 		$brace     = strpos( $data, '}' );
@@ -281,8 +285,9 @@ function is_serialized( $data, $strict = true ) {
 	switch ( $token ) {
 		case 's' :
 			if ( $strict ) {
-				if ( '"' !== $data[ $length - 2 ] )
+				if ( '"' !== substr( $data, -2, 1 ) ) {
 					return false;
+				}
 			} elseif ( false === strpos( $data, '"' ) ) {
 				return false;
 			}
@@ -309,22 +314,23 @@ function is_serialized( $data, $strict = true ) {
  */
 function is_serialized_string( $data ) {
 	// if it isn't a string, it isn't a serialized string
-	if ( !is_string( $data ) )
+	if ( ! is_string( $data ) ) {
 		return false;
+	}
 	$data = trim( $data );
-	$length = strlen( $data );
-	if ( $length < 4 )
+	if ( strlen( $data ) < 4 ) {
 		return false;
-	elseif ( ':' !== $data[1] )
+	} elseif ( ':' !== $data[1] ) {
 		return false;
-	elseif ( ';' !== $data[$length-1] )
+	} elseif ( ';' !== substr( $data, -1 ) ) {
 		return false;
-	elseif ( $data[0] !== 's' )
+	} elseif ( $data[0] !== 's' ) {
 		return false;
-	elseif ( '"' !== $data[$length-2] )
+	} elseif ( '"' !== substr( $data, -2, 1 ) ) {
 		return false;
-	else
+	} else {
 		return true;
+	}
 }
 
 /**