sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

In is_serialized(), use substr() rather than array access, for compatibility with multibyte overloading.

Browse Source 
props SergeyBiryukov.
fixes #18007.


git-svn-id: https://develop.svn.wordpress.org/trunk@27565 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2014-03-17 20:08:25 +00:00
parent 405615dd6a
commit b6195eb82a
1 changed files with 22 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
src/wp-includes/functions.php
View File

@ -251,20 +251,24 @@ function maybe_unserialize( $original ) {
*/ */
function is_serialized( $data, $strict = true ) { function is_serialized( $data, $strict = true ) {
// if it isn't a string, it isn't serialized // if it isn't a string, it isn't serialized
if ( ! is_string( $data ) ) if ( ! is_string( $data ) ) {
return false; return false;
}
$data = trim( $data ); $data = trim( $data );
if ( 'N;' == $data ) if ( 'N;' == $data ) {
return true; return true;
$length = strlen( $data ); }
if ( $length < 4 ) if ( strlen( $data ) < 4 ) {
return false; return false;
if ( ':' !== $data[1] ) }
if ( ':' !== $data[1] ) {
return false; return false;
}
if ( $strict ) { if ( $strict ) {
$lastc = $data[ $length - 1 ]; $lastc = substr( $data, -1 );
if ( ';' !== $lastc && '}' !== $lastc ) if ( ';' !== $lastc && '}' !== $lastc ) {
return false; return false;
}
} else { } else {
$semicolon = strpos( $data, ';' ); $semicolon = strpos( $data, ';' );
$brace = strpos( $data, '}' ); $brace = strpos( $data, '}' );
@ -281,8 +285,9 @@ function is_serialized( $data, $strict = true ) {
switch ( $token ) { switch ( $token ) {
case 's' : case 's' :
if ( $strict ) { if ( $strict ) {
if ( '"' !== $data[ $length - 2 ] ) if ( '"' !== substr( $data, -2, 1 ) ) {
return false; return false;
}
} elseif ( false === strpos( $data, '"' ) ) { } elseif ( false === strpos( $data, '"' ) ) {
return false; return false;
} }
@ -309,23 +314,24 @@ function is_serialized( $data, $strict = true ) {
*/ */
function is_serialized_string( $data ) { function is_serialized_string( $data ) {
// if it isn't a string, it isn't a serialized string // if it isn't a string, it isn't a serialized string
if ( !is_string( $data ) ) if ( ! is_string( $data ) ) {
return false; return false;
}
$data = trim( $data ); $data = trim( $data );
$length = strlen( $data ); if ( strlen( $data ) < 4 ) {
if ( $length < 4 )
return false; return false;
elseif ( ':' !== $data[1] ) } elseif ( ':' !== $data[1] ) {
return false; return false;
elseif ( ';' !== $data[$length-1] ) } elseif ( ';' !== substr( $data, -1 ) ) {
return false; return false;
elseif ( $data[0] !== 's' ) } elseif ( $data[0] !== 's' ) {
return false; return false;
elseif ( '"' !== $data[$length-2] ) } elseif ( '"' !== substr( $data, -2, 1 ) ) {
return false; return false;
else } else {
return true; return true;
} }
}
/** /**
* Serialize data, if needed. * Serialize data, if needed.