[wp-trac] [WordPress Trac] #52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does not handle null byte
WordPress Trac
noreply at wordpress.org
Sun Jul 2 12:02:22 UTC 2023
#52738: Use of get_object_vars() in sanitize_post() and WP_Post constructor does
not handle null byte
-------------------------------------------------+-------------------------
 Reporter:  bitcomplex                           |       Owner:  (none)
     Type:  defect (bug)                         |      Status:  new
 Priority:  normal                               |   Milestone:  6.3
Component:  Posts, Post Types                    |     Version:  5.6.2
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-unit-tests             |     Focuses:
            needs-testing changes-requested      |
-------------------------------------------------+-------------------------
Comment (by costdev):
> @bitcomplex The real issue is when you serialize objects and later
> change the visibility of a property in the class the object belongs to.
> Since you've decided that it is a good idea to store serialized objects
> you should also handle changes of classes in a way that does not cause
> fatals.

While there's room for improvement in handling cases such as
`(object) (array) $object`, I'd like to clarify who "you" refers to in each
of these so that it's clear to myself and others.

1. [you] serialize objects
2. [you] later change the visibility of a property in the class the object
   belongs to
3. [you've] decided that it is a good idea to store serialized objects
4. [you should] also handle changes of classes in a way that does not cause
   fatals

Where "you" refers to Core doing something, can you also provide more
information about when Core does this? Thanks!
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52738#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform