[wp-trac] [WordPress Trac] #62483: maybe_serialize() does support double serialization, but does not inform the developer if doing so
WordPress Trac
noreply at wordpress.org
Fri Feb 28 17:02:53 UTC 2025
#62483: maybe_serialize() does support double serialization, but does not inform
the developer if doing so
-------------------------+------------------------
Reporter: apermo | Owner: audrasjb
Type: enhancement | Status: reviewing
Priority: normal | Milestone: 6.8
Component: General | Version: 3.6.1
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
-------------------------+------------------------
Comment (by apermo):
@audrasjb You've got a point, and I already thought about that as well.
And you're kind of right that it doesn't break things. Yes.
We could argue that this should have been done 15 years ago when double
serialization was allowed in the first place.
And while it does not break things, it's still done wrong. I'm not sure
but plugins like Better Search Replace are expecting single serialization
when performing a search and replace. I did not check what BSR would do
about it.
I would point out, that this will only cause warnings for plugins and
custom code by developers less experienced with WordPress.
Maybe we could get another opinion on that? I still think it is something
that we should inform the developers about.
I already considered to ask Juliette if we can do a WPCS Sniff for that,
but I'm pretty convinced that we could at best sniff for something like
`update_option( serialize( $array ) )` and that was not what I stumpled
upon.
So the question is, do we want to inform them that they can skip double
serialization, or not.
Could we merge it into beta, evaluating the feedback, and if there's
negative Feedback, to pull it back before the final release?
Would that be a valid option?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62483#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list