Ticket #2591: serialize-TAKE_3.diff
| File serialize-TAKE_3.diff, 6.1 kB (added by markjaquith, 2 years ago) |
|---|
-
wp-includes/functions.php
old new 261 261 return 0; 262 262 } 263 263 264 265 264 function maybe_unserialize($original) { 266 if ( false !== $gm = @ unserialize($original) )267 return $gm;268 else269 265 if ( is_serialized($original) ) 266 if ( false !== $gm = @ unserialize($original) ) 267 return $gm; 268 return $original; 270 269 } 271 270 271 function is_serialized($data) { 272 if ( !is_string($data) ) { 273 // if it isn't a string, it isn't serialized 274 return false; 275 } 276 $data = trim($data); 277 if ( preg_match("/^(a|d|o|b|i|s):[0-9]+:(.*)[;}]/si",$data) ) 278 return true; 279 return false; 280 } 281 272 282 /* Options functions */ 273 283 274 284 function get_settings($setting) { … … 365 375 return true; 366 376 } 367 377 368 if ( is_array($newvalue) || is_object($newvalue) ) 369 $newvalue = serialize($newvalue); 378 $newvalue = prepare_data($newvalue); 370 379 371 380 wp_cache_set($option_name, $newvalue, 'options'); 372 381 … … 395 404 if ( false !== get_option($name) ) 396 405 return; 397 406 398 if ( is_array($value) || is_object($value) ) 399 $value = serialize($value); 407 $value = prepare_data($value); 400 408 401 409 wp_cache_set($name, $value, 'options'); 402 410 … … 418 426 return true; 419 427 } 420 428 429 function prepare_data($data) { 430 if ( is_string($data) ) 431 $data = trim($data); 432 elseif ( is_array($data) || is_object($data) ) 433 return serialize($data); 434 if ( is_serialized($data) ) 435 return serialize($data); 436 return $data; 437 } 438 421 439 function add_post_meta($post_id, $key, $value, $unique = false) { 422 440 global $wpdb, $post_meta_cache; 423 441 … … 431 449 $original = $value; 432 450 if ( is_array($value) || is_object($value) ) 433 451 $value = $wpdb->escape(serialize($value)); 452 else 453 $value = prepare_data($value); 434 454 435 455 $wpdb->query("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES ('$post_id','$key','$value')"); 436 456 … … 510 530 $original_value = $value; 511 531 if ( is_array($value) || is_object($value) ) 512 532 $value = $wpdb->escape(serialize($value)); 533 else 534 $value = prepare_data($value); 513 535 514 536 $original_prev = $prev_value; 515 537 if ( is_array($prev_value) || is_object($prev_value) ) … … 2165 2187 return false; 2166 2188 $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key); 2167 2189 2168 if ( is_array($meta_value) || is_object($meta_value) ) 2169 $meta_value = serialize($meta_value); 2170 $meta_value = trim( $meta_value ); 2190 $meta_value = prepare_data($meta_value); 2171 2191 2172 if ( empty($meta_value)) {2192 if ( empty($meta_value) ) 2173 2193 delete_usermeta($user_id, $meta_key); 2174 }2175 2194 2176 2195 $cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'"); 2177 2196 if ( !$cur ) { … … 2197 2216 return false; 2198 2217 $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key); 2199 2218 2200 if ( is_array($meta_value) || is_object($meta_value) ) 2201 $meta_value = serialize($meta_value); 2202 $meta_value = trim( $meta_value ); 2219 $meta_value = prepare_data($meta_value); 2203 2220 2204 2221 if ( ! empty($meta_value) ) 2205 2222 $wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key' AND meta_value = '$meta_value'"); -
wp-admin/admin-functions.php
old new 849 849 $style = ''; 850 850 if ('_' == $entry['meta_key'] { 0 }) 851 851 $style .= ' hidden'; 852 if ( is_serialized($entry['meta_value']) ) { 853 if ( 's' == $entry['meta_value']{0} ) { 854 // It is a serialized string, so we should display it 855 $entry['meta_value'] = maybe_unserialize($entry['meta_value']); 856 } else { 857 -- $count; 858 continue; 859 } 860 } 852 861 echo " 853 862 <tr class='$style'> 854 863 <td valign='top'><input name='meta[{$entry['meta_id']}][key]' tabindex='6' type='text' size='20' value='{$entry['meta_key']}' /></td> … … 920 929 921 930 $metakeyselect = $wpdb->escape(stripslashes(trim($_POST['metakeyselect']))); 922 931 $metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput']))); 923 $metavalue = $wpdb->escape(stripslashes(trim($_POST['metavalue']))); 932 $metavalue = prepare_data(stripslashes((trim($_POST['metavalue'])))); 933 $metavalue = $wpdb->escape($metavalue); 924 934 925 935 if ( ('0' === $metavalue || !empty ($metavalue)) && ((('#NONE#' != $metakeyselect) && !empty ($metakeyselect)) || !empty ($metakeyinput)) ) { 926 936 // We have a key/value pair. If both the select and the … … 948 958 949 959 function update_meta($mid, $mkey, $mvalue) { 950 960 global $wpdb; 951 961 if ( is_serialized(stripslashes($mvalue)) ) 962 $mvalue = serialize($mvalue); 952 963 return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'"); 953 964 } 954 965 -
wp-admin/options.php
old new 33 33 34 34 if (!$_POST['page_options']) { 35 35 foreach ($_POST as $key => $value) { 36 $options[] = $key; 36 if ( $value != '%SERIALIZED_DATA%') 37 $options[] = $key; 37 38 } 38 39 } else { 39 40 $options = explode(',', stripslashes($_POST['page_options'])); … … 95 96 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name"); 96 97 97 98 foreach ($options as $option) : 98 $value = wp_specialchars($option->option_value); 99 $disabled = ''; 100 if ( is_serialized($option->option_value) ) { 101 if ( 's' == $option->option_value{0} ) { 102 // It is a serialized string, so we should display it 103 $value = wp_specialchars(maybe_unserialize($option->option_value)); 104 } else { 105 $value = '%SERIALIZED_DATA%'; 106 $disabled = ' disabled="disabled"'; 107 } 108 } else { 109 $value = wp_specialchars($option->option_value); 110 } 99 111 echo " 100 112 <tr> 101 113 <th scope='row'><label for='$option->option_name'>$option->option_name</label></th> 102 <td><input type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "' /></td>114 <td><input type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled /></td> 103 115 <td>$option->option_description</td> 104 116 </tr>"; 105 117 endforeach;
