From 439538aa5bf5bd1c581e65444d301d0e7abe004c Mon Sep 17 00:00:00 2001
From: markjaquith
Date: Tue, 31 Oct 2006 08:24:09 +0000
Subject: [PATCH] Catch NULL, bool, and integer values in is_serialized(). Props mdawaffe. fixes #3310
git-svn-id: http://svn.automattic.com/wordpress/trunk@4438 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/functions.php | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 513a5dd35..ebd18d76d 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -163,19 +163,37 @@ function maybe_unserialize($original) {
 }
 function is_serialized($data) {
- if ( !is_string($data) ) // if it isn't a string, it isn't serialized
+ // if it isn't a string, it isn't serialized
+ if ( !is_string($data) )
 return false;
 $data = trim($data);
- if ( preg_match("/^[adobis]:[0-9]+:.*[;}]/si",$data) ) // this should fetch all legitimately serialized data
+ if ( 'N;' == $data )
 return true;
+ if ( !preg_match('/^([adObis]):/', $data, $badions) )
+ return false;
+ switch ( $badions[1] ) :
+ case 'a' :
+ case 'O' :
+ case 's' :
+ if ( preg_match("/^{$badions[1]}:[0-9]+:.*[;}]\$/s", $data) )
+ return true;
+ break;
+ case 'b' :
+ case 'i' :
+ case 'd' :
+ if ( preg_match("/^{$badions[1]}:[0-9.E-]+;\$/", $data) )
+ return true;
+ break;
+ endswitch;
 return false;
 }
 function is_serialized_string($data) {
- if ( !is_string($data) ) // if it isn't a string, it isn't a serialized string
+ // if it isn't a string, it isn't a serialized string
+ if ( !is_string($data) )
 return false;
 $data = trim($data);
- if ( preg_match("/^s:[0-9]+:.*[;}]/si",$data) ) // this should fetch all serialized strings
+ if ( preg_match('/^s:[0-9]+:.*;$/s',$data) ) // this should fetch all serialized strings
 return true;
 return false;
 }
@@ -1202,5 +1220,4 @@ function _mce_add_direction_buttons($input) {
 return $input;
 }
-
 ?>
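Review bot: The numeric branch of is_serialized() (`case 'b'`/`'i'`/`'d'`) matches against the class `[0-9.E-]+`, which has no `+`, so a double that PHP serializes with a positive exponent (for example `d:1.0E+25;`) is reported as not serialized, and `d:INF;`/`d:NAN;` are rejected the same way. I would widen it to `if ( preg_match("/^{$badions[1]}:[0-9.E+-]+;\$/", $data) )`. Separately, both functions only check the outer shape of the string, and `O:` payloads pass; maybe_unserialize()'s body is outside this hunk, but if it hands accepted values to unserialize(), a true result must not be read as "safe to unserialize". A comment above is_serialized() such as `// Format check only; does not validate the payload or make untrusted $data safe for unserialize().` would make that explicit.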