[wp-trac] [WordPress Trac] #25311: Replace PHP-serialized data with JSON in api.wordpress.org
WordPress Trac
noreply at wordpress.org
Fri Sep 13 14:59:05 UTC 2013
#25311: Replace PHP-serialized data with JSON in api.wordpress.org
--------------------------------+-----------------------------
Reporter: scribu | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: WordPress.org site | Version:
Severity: normal | Keywords:
--------------------------------+-----------------------------
Returning PHP-serialized strings in api.wordpress.org is lame, for two
reasons:
### Security
It has the potential to lead to security exploits via PHP object
injection: http://vagosec.org/2013/09/wordpress-php-object-injection/
Considering that Core doesn't use HTTPS for most requests it makes to
api.wordpress.org, this is even more plausible.
### Portability
It's hard to unserialize these strings in other languages besides PHP.
JSON is the obvious replacement.
Related: #meta124
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25311>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
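
The object-injection risk the ticket describes, as an added example that is not part of the original ticket or of WordPress code. The class `TempFile` and both response bodies are constructed for illustration; the script compares what `unserialize()` and `json_decode()` build from the same untrusted response (PHP 7.3+ assumed).

```php
<?php
// Hypothetical stand-in for any loaded class whose magic method has a side
// effect. Here the side effect is only a log entry.
final class TempFile
{
    public static $log = [];
    public $path = '';

    public function __destruct()
    {
        // A real class might delete or write $this->path at this point.
        self::$log[] = "__destruct ran with path={$this->path}";
    }
}

// Constructed response bodies carrying the same data in both encodings.
$serializedBody = 'a:1:{s:7:"version";O:8:"TempFile":1:{s:4:"path";s:9:"/tmp/demo";}}';
$jsonBody       = '{"version":{"path":"/tmp/demo"}}';

// 1. Plain unserialize(): the response decides which class gets instantiated.
$data = unserialize($serializedBody);
$unsafeType = get_class($data['version']);
unset($data); // last reference dropped, so __destruct() runs
$callsAfterUnsafe = count(TempFile::$log);

// 2. Mitigation while the format stays serialized (PHP 7.0+): no objects.
$data = unserialize($serializedBody, ['allowed_classes' => false]);
$restrictedType = get_class($data['version']);
unset($data);
$callsAfterRestricted = count(TempFile::$log);

// 3. JSON: the decoder can only produce scalars, arrays and stdClass.
$data = json_decode($jsonBody, true, 16, JSON_THROW_ON_ERROR);
$jsonType = gettype($data['version']);
$callsAfterJson = count(TempFile::$log);

// Report the decoded type and the running count of magic-method calls.
$rows = [
    ['unserialize()', $unsafeType, $callsAfterUnsafe],
    ['unserialize(), allowed_classes=false', $restrictedType, $callsAfterRestricted],
    ['json_decode()', $jsonType, $callsAfterJson],
];
foreach ($rows as [$label, $type, $calls]) {
    printf("%-38s type=%s magic-method calls so far=%d\n", $label, $type, $calls);
}
```

Switching to JSON removes the object-instantiation path only; a response fetched over plain HTTP can still be altered in transit.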